In practice, exploitation of this vulnerability is nuanced, and not all vulnerable versions are exploitable due to requiring certificates which can only be configured by an administrator. As such, and as per this full writeup, the real-world risk is likely lower than its CVSS score suggests.
CVE-2024-23113
Published Feb 15, 2024
·
Last updated 8 days ago
Description
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Insights
Analysis from the Intruder Security Team Published Oct 15, 2024
Risk scores
CVSS 3.1
- Primary
- 9.8
- 5.9
- 3.9
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CRITICAL
Known exploits
Data from CISA
Fortinet Multiple Products Format String Vulnerability
Oct 9, 2024
Oct 30, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weaknesses
Source
psirt@fortinet.com
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94C6FBEA-B8B8-4A92-9CAF-F4A125577C3C",
"versionEndIncluding": "7.0.14",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "406F8C48-85CE-46AF-BE5C-0ED9E3E16A39",
"versionEndIncluding": "7.2.8",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8DD8789-6485-49E6-92D3-74004D9B6E9B",
"versionEndIncluding": "7.4.2",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF2B9FD3-9581-465E-A5E1-A1BCEFB0DFA3",
"versionEndIncluding": "7.0.3",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "094185B2-8DC1-46C2-B160-31BEEFDB2CC7",
"versionEndIncluding": "7.2.3",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF27CA2F-3F4C-4CCB-B832-0E792673C429",
"versionEndIncluding": "7.0.13",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24D09A92-81EC-4003-B017-C67FC739EEBF",
"versionEndIncluding": "7.2.6",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49C323D0-5B01-4DB2-AB98-7113D8E607B6",
"versionEndIncluding": "7.4.2",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BA2C6ED-2765-4B56-9B37-10C50BD32C75",
"versionEndIncluding": "1.0.3",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0060F1F-527F-4E91-A59F-F3141977CB7A",
"versionEndIncluding": "1.1.2",
"versionStartIncluding": "1.1.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D0927D1-F469-4344-B4C9-3190645F5899"
}
],
"operator": "OR"
}
]
}
]