CVE-2024-23113

{"id": "CVE-2024-23113", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-15T14:15:46.503", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-24-029", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/psirt/FG-IR-24-029", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets."}, {"lang": "es", "value": "Un uso de cadena de formato controlada externamente en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, FortiProxy versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, versiones de FortiPAM 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, versiones de FortiSwitchManager 7.2.0 a 7.2.3, 7.0.0 a 7.0. 3 permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de paquetes especialmente manipulados."}], "lastModified": "2024-11-29T15:09:12.633", "cisaActionDue": "2024-10-30", "cisaExploitAdd": "2024-10-09", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94C6FBEA-B8B8-4A92-9CAF-F4A125577C3C", "versionEndIncluding": "7.0.14", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "406F8C48-85CE-46AF-BE5C-0ED9E3E16A39", "versionEndIncluding": "7.2.8", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8DD8789-6485-49E6-92D3-74004D9B6E9B", "versionEndIncluding": "7.4.2", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF2B9FD3-9581-465E-A5E1-A1BCEFB0DFA3", "versionEndIncluding": "7.0.3", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "094185B2-8DC1-46C2-B160-31BEEFDB2CC7", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF27CA2F-3F4C-4CCB-B832-0E792673C429", "versionEndIncluding": "7.0.13", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24D09A92-81EC-4003-B017-C67FC739EEBF", "versionEndIncluding": "7.2.6", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C323D0-5B01-4DB2-AB98-7113D8E607B6", "versionEndIncluding": "7.4.2", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BA2C6ED-2765-4B56-9B37-10C50BD32C75", "versionEndIncluding": "1.0.3", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0060F1F-527F-4E91-A59F-F3141977CB7A", "versionEndIncluding": "1.1.2", "versionStartIncluding": "1.1.0"}, {"criteria": "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D0927D1-F469-4344-B4C9-3190645F5899"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Fortinet Multiple Products Format String Vulnerability"}