CVE-2023-45583

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45583
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fortiguard.com/psirt/FG-IR-23-137 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
History

23 May 2024, 16:23

Type Values Removed Values Added
References () https://fortiguard.com/psirt/FG-IR-23-137 - () https://fortiguard.com/psirt/FG-IR-23-137 - Vendor Advisory
First Time Fortinet
Fortinet fortipam
Fortinet fortiproxy
Fortinet fortios
Fortinet fortiswitchmanager
CVSS v2 : unknown
v3 : 6.7 		v2 : unknown
v3 : 7.2
Summary
  • (es) Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.5, 7.0.0 a 7.0.11, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6 Versiones de FortiPAM 1.1.0, 1.0.0 a 1.0.3 Versiones de FortiOS 7.4.0, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2. 15 Las versiones 7.2.0 a 7.2.2, 7.0.0 a 7.0.2 de FortiSwitchManager permiten a un atacante ejecutar código o comandos no autorizados a través de comandos cli y solicitudes http especialmente manipulados.
CPE cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

14 May 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 17:15

Updated : 2024-05-23 16:23

NVD link : CVE-2023-45583

Mitre link : CVE-2023-45583

CVE.ORG link : CVE-2023-45583

JSON object : View

Products Affected

fortinet

  • fortipam
  • fortios
  • fortiproxy
  • fortiswitchmanager
CWE
CWE-134

Use of Externally-Controlled Format String