CVE-2023-36639: Fortiguard
A use of an externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15 and 6.0.0 through 6.0.17, and FortiPAM versions 1.0.0 through 1.0.3 allows an attacker to execute unauthorized code or commands via specially crafted API requests.
FortiOS & FortiProxy - Format String Bug in HTTPSd
Summary
A format string vulnerability [CWE-134] in the HTTPSd daemon of FortiOS, FortiProxy and FortiPAM may allow an authenticated user to execute unauthorized code or commands via specially crafted API requests.
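The bug class named above (CWE-134), as an added illustration that is not code from the advisory or from Fortinet: a hypothetical request logger in its vulnerable and fixed forms, plus a simple defensive check that counts conversion directives in an untrusted string. The API path used as input is constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* CWE-134: an attacker-controlled string (here a request path taken from an
 * API request) is handed to a printf-family function as the FORMAT argument
 * instead of as data. Hypothetical helper, not FortiOS code. */

/* VULNERABLE pattern: `path` is the format string, so any "%x"-style
 * directives inside it are interpreted by snprintf. Never call with
 * untrusted input; kept only for contrast with the fixed version. */
static int log_request_vulnerable(char *out, size_t outsz, const char *path)
{
    return snprintf(out, outsz, path);          /* CWE-134 */
}

/* FIXED pattern: constant format string, untrusted data only as an argument. */
int log_request_fixed(char *out, size_t outsz, const char *path)
{
    return snprintf(out, outsz, "GET %s", path);
}

/* Defensive heuristic for input validation or log review: count the '%'
 * conversion introducers in an untrusted string ("%%" is a literal percent).
 * Benign API paths score 0; anything higher merits inspection. */
int count_format_directives(const char *s)
{
    int n = 0;
    while (*s) {
        if (*s == '%') {
            if (s[1] == '%') { s += 2; continue; }   /* escaped percent */
            n++;
        }
        s++;
    }
    return n;
}

/* Returns 1 if the fixed logger reproduces the path byte-for-byte, i.e. the
 * directives are written out literally rather than interpreted. */
int fixed_logger_preserves_input(const char *path)
{
    char out[256];
    log_request_fixed(out, sizeof out, path);
    return strcmp(out + 4, path) == 0;           /* skip the "GET " prefix */
}

int main(void)
{
    const char *crafted = "/api/v1/example/%x%x%x";   /* constructed sample */
    char out[256];
    log_request_fixed(out, sizeof out, crafted);
    printf("%s (directives seen: %d)\n", out, count_format_directives(crafted));
    (void)log_request_vulnerable;   /* shown for contrast only */
    return 0;
}
```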
Version          Affected                  Solution
FortiOS 7.4      7.4.0                     Upgrade to 7.4.1 or above
FortiOS 7.2      7.2.0 through 7.2.4       Upgrade to 7.2.5 or above
FortiOS 7.0      7.0.0 through 7.0.11      Upgrade to 7.0.12 or above
FortiOS 6.4      6.4.0 through 6.4.12      Upgrade to 6.4.13 or above
FortiOS 6.2      6.2.0 through 6.2.15      Upgrade to 6.2.16 or above
FortiOS 6.0      6.0 all versions          Migrate to a fixed release
FortiPAM 1.2     Not affected              Not Applicable
FortiPAM 1.1     1.1.0                     Upgrade to 1.1.1 or above
FortiPAM 1.0     1.0 all versions          Migrate to a fixed release
FortiProxy 7.4   Not affected              Not Applicable
FortiProxy 7.2   7.2.0 through 7.2.4       Upgrade to 7.2.5 or above
FortiProxy 7.0   7.0.0 through 7.0.10      Upgrade to 7.0.11 or above
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool
A Virtual Patch named “FortiOS.FortiSASE.Daemon.Format.String.” is available in FMWP db update 23.104.
edited on: 2023-10-23 12:53
Acknowledgement
Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team in the frame of an internal audit of the SSL-VPN component.
Timeline
2023-12-08: Initial publication