A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-23-138 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-12-13T06:42:44.194Z
Updated: 2024-08-02T16:52:54.282Z
Reserved: 2023-06-25T18:03:39.227Z
Link: CVE-2023-36639
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-13T07:15:12.900
Modified: 2024-11-21T08:10:09.100
Link: CVE-2023-36639
Redhat
No data.