Vulnerability Description
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiproxy | >= 7.0.0, <= 7.0.14 |
| Fortinet | Fortiswitchmanager | >= 7.0.0, <= 7.0.3 |
| Fortinet | Fortios | >= 7.0.0, <= 7.0.13 |
| Fortinet | Fortipam | >= 1.0.0, <= 1.0.3 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-24-029Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-24-029Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-US Government Resource
FAQ
What is CVE-2024-23113?
CVE-2024-23113 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, ...
How severe is CVE-2024-23113?
CVE-2024-23113 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-23113?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiproxy, Fortinet Fortiswitchmanager, Fortinet Fortios, Fortinet Fortipam.