CVE-2023-45583

Summary

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.2, FortiSwitchManager 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSwitchManager7.2.0 <= 7.2.2affected
FortinetFortiSwitchManager7.0.0 <= 7.0.2affected
FortinetFortiOS7.4.0affected
FortinetFortiOS7.2.0 <= 7.2.5affected
FortinetFortiOS7.0.0 <= 7.0.12affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiOS6.2.0 <= 6.2.17affected
FortinetFortiProxy7.2.0 <= 7.2.4affected
FortinetFortiProxy7.0.0 <= 7.0.10affected
FortinetFortiPAM1.1.0affected
FortinetFortiPAM1.0.0 <= 1.0.3affected

Weaknesses

  • CWE-134: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References