CVE-2023-36639: Fortiguard

A use of an externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15 and 6.0.0 through 6.0.17, and FortiPAM versions 1.0.0 through 1.0.3 allows an attacker to execute unauthorized code or commands via specially crafted API requests.


FortiOS & FortiProxy - Format String Bug in HTTPSd

Summary

A format string vulnerability [CWE-134] in the HTTPSd daemon of FortiOS, FortiProxy and FortiPAM may allow an authenticated user to execute unauthorized code or commands via specially crafted API requests.

Version          Affected                  Solution
FortiOS 7.4      7.4.0                     Upgrade to 7.4.1 or above
FortiOS 7.2      7.2.0 through 7.2.4       Upgrade to 7.2.5 or above
FortiOS 7.0      7.0.0 through 7.0.11      Upgrade to 7.0.12 or above
FortiOS 6.4      6.4.0 through 6.4.12      Upgrade to 6.4.13 or above
FortiOS 6.2      6.2.0 through 6.2.15      Upgrade to 6.2.16 or above
FortiOS 6.0      6.0 all versions          Migrate to a fixed release
FortiPAM 1.2     Not affected              Not Applicable
FortiPAM 1.1     1.1.0                     Upgrade to 1.1.1 or above
FortiPAM 1.0     1.0 all versions          Migrate to a fixed release
FortiProxy 7.4   Not affected              Not Applicable
FortiProxy 7.2   7.2.0 through 7.2.4       Upgrade to 7.2.5 or above
FortiProxy 7.0   7.0.0 through 7.0.10      Upgrade to 7.0.11 or above

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Virtual Patch named “FortiOS.FortiSASE.Daemon.Format.String.” is available in FMWP db update 23.104
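The affected-version table above is easy to misread by hand across a fleet, so here is an added worked example (not Fortinet code and not part of the advisory) that encodes the table as data and classifies a product/version pair as affected, fixed, not affected, or not listed. The `status_line` parsing helper assumes the `Version: FortiGate-60F v7.0.9,build0444,...` line shape printed by `get system status`; that format and the sample line are assumptions, not taken from the advisory.

```python
"""Classify a FortiOS / FortiProxy / FortiPAM version against the
CVE-2023-36639 affected-version table.

Added example; the rules below are transcribed from the advisory's
Version / Affected / Solution table, nothing else is Fortinet's.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple


def parse_version(s: str) -> Tuple[int, ...]:
    """'7.0.11' -> (7, 0, 11). Rejects anything that is not dotted integers."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {s!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class BranchRule:
    product: str
    branch: str                    # "7.2" = major.minor train
    affected_upto: Optional[str]   # highest affected patch; None = whole branch affected
    fixed_in: Optional[str]        # None = no in-branch fix ("migrate to a fixed release")


# Transcribed from the advisory table (branches marked "Not affected" are
# kept separately so they are not confused with "all versions affected").
RULES = [
    BranchRule("FortiOS", "7.4", "7.4.0", "7.4.1"),
    BranchRule("FortiOS", "7.2", "7.2.4", "7.2.5"),
    BranchRule("FortiOS", "7.0", "7.0.11", "7.0.12"),
    BranchRule("FortiOS", "6.4", "6.4.12", "6.4.13"),
    BranchRule("FortiOS", "6.2", "6.2.15", "6.2.16"),
    BranchRule("FortiOS", "6.0", None, None),
    BranchRule("FortiPAM", "1.1", "1.1.0", "1.1.1"),
    BranchRule("FortiPAM", "1.0", None, None),
    BranchRule("FortiProxy", "7.2", "7.2.4", "7.2.5"),
    BranchRule("FortiProxy", "7.0", "7.0.10", "7.0.11"),
]
NOT_AFFECTED = {("FortiPAM", "1.2"), ("FortiProxy", "7.4")}


def assess(product: str, version: str) -> str:
    """Return one of: 'affected: ...', 'fixed', 'not affected', 'not listed in advisory'."""
    v = parse_version(version)
    if len(v) < 2:
        raise ValueError("need at least major.minor")
    branch = f"{v[0]}.{v[1]}"
    if (product, branch) in NOT_AFFECTED:
        return "not affected"
    for rule in RULES:
        if rule.product != product or rule.branch != branch:
            continue
        if rule.affected_upto is None:
            # Whole train is vulnerable and gets no fix: only a train upgrade helps.
            return "affected: migrate to a fixed release"
        if v <= parse_version(rule.affected_upto):
            return f"affected: upgrade to {rule.fixed_in} or above"
        return "fixed"
    # Branches the advisory does not list (e.g. newer trains) are reported, not guessed at.
    return "not listed in advisory"


# Assumed shape of the first line of `get system status` on a FortiGate;
# the regex only needs the 'v<major>.<minor>.<patch>' token.
_STATUS_RE = re.compile(r"\bv(\d+\.\d+\.\d+)\b")


def version_from_status_line(line: str) -> str:
    """Pull '7.0.9' out of 'Version: FortiGate-60F v7.0.9,build0444,...' (assumed format)."""
    m = _STATUS_RE.search(line)
    if not m:
        raise ValueError(f"no version token in: {line!r}")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample line, not captured from a real device.
    sample = "Version: FortiGate-60F v7.0.9,build0444,230228 (GA.F)"
    ver = version_from_status_line(sample)
    print(f"FortiOS {ver}: {assess('FortiOS', ver)}")
```

A branch that the table does not mention (for example a newer 7.6 train) comes back as "not listed in advisory" rather than "fixed", because the advisory makes no statement about it; treat that as "check the vendor page", not as a clean bill of health.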

edited on: 2023-10-23 12:53

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team in the frame of an internal audit of the SSL-VPN component.

Timeline

2023-12-08: Initial publication
