CVE-2023-36639

Summary

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0affected
FortinetFortiOS7.2.0 <= 7.2.4affected
FortinetFortiOS7.0.0 <= 7.0.11affected
FortinetFortiOS6.4.0 <= 6.4.12affected
FortinetFortiOS6.2.0 <= 6.2.15affected
FortinetFortiOS6.0.0 <= 6.0.17affected
FortinetFortiPAM1.1.0affected
FortinetFortiPAM1.0.0 <= 1.0.3affected
FortinetFortiProxy7.2.0 <= 7.2.4affected
FortinetFortiProxy7.0.0 <= 7.0.10affected

Weaknesses

  • CWE-134: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

References