CVE-2023-45583

EUVD-2023-49875
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
fortinetfortiproxy
𝑥
< 7.0.12
fortinetfortiproxy
7.2.0 <
𝑥
< 7.2.6
fortinetfortiswitchmanager
7.0.0 ≤
𝑥
< 7.0.3
fortinetfortiswitchmanager
7.2.0 ≤
𝑥
< 7.2.3
fortinetfortios
𝑥
< 7.2.6
fortinetfortios
6.2.0 ≤
𝑥
≤ 6.2.16
fortinetfortios
6.4.0 ≤
𝑥
≤ 6.4.15
fortinetfortios
7.0.0 ≤
𝑥
≤ 7.0.12
fortinetfortios
7.2.0 ≤
𝑥
≤ 7.2.5
fortinetfortios
7.4.0
fortinetfortipam
1.0.0 ≤
𝑥
≤ 1.0.3
fortinetfortipam
1.1.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.5
ADP
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.11
ADP
fortinetfortiproxy
1.0.0 ≤
𝑥
≤ 2.*
ADP
fortinetfortiswitchmanager
7.0.0 ≤
𝑥
≤ 7.0.2
ADP
fortinetfortiswitchmanager
7.2.0 ≤
𝑥
≤ 7.2.2
ADP
fortinetfortios
7.2.0 ≤
𝑥
≤ 7.2.5
ADP
fortinetfortios
6.0.0 ≤
𝑥
≤ 6.0.16
ADP
fortinetfortipam
1.0.0 ≤
𝑥
≤ 1.1.*
ADP
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-23-137
https://fortiguard.com/psirt/FG-IR-23-137