CVE-2023-40721

Summary

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected
FortinetFortiSwitchManager7.2.0 <= 7.2.2affected
FortinetFortiSwitchManager7.0.0 <= 7.0.2affected
FortinetFortiOS7.4.0affected
FortinetFortiOS7.2.0 <= 7.2.5affected
FortinetFortiOS7.0.0 <= 7.0.13affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiOS6.2.0 <= 6.2.17affected
FortinetFortiProxy7.4.0affected
FortinetFortiProxy7.2.0 <= 7.2.6affected
FortinetFortiProxy7.0.0 <= 7.0.14affected
FortinetFortiProxy2.0.0 <= 2.0.14affected
FortinetFortiProxy1.2.0 <= 1.2.13affected

Weaknesses

  • CWE-134: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References