VYPR
Unrated severityNVD Advisory· Published Dec 13, 2023· Updated Aug 2, 2024

CVE-2023-36639

CVE-2023-36639

Description

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.

Affected products

6
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    7.2.0 - 7.2.4, 7.0.0 - 7.0.10+ 1 more
    • (no CPE)range: 7.2.0 - 7.2.4, 7.0.0 - 7.0.10
    • (no CPE)range: 7.2.0
  • Fortinet/Fortipamllm-fuzzy2 versions
    1.0.0 - 1.0.3+ 1 more
    • (no CPE)range: 1.0.0 - 1.0.3
    • (no CPE)range: 1.1.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    7.4.0, 7.2.0 - 7.2.4, 7.0.0 - 7.0.11, 6.4.0 - 6.4.12, 6.2.0 - 6.2.15, 6.0.0 - 6.0.17+ 1 more
    • (no CPE)range: 7.4.0, 7.2.0 - 7.2.4, 7.0.0 - 7.0.11, 6.4.0 - 6.4.12, 6.2.0 - 6.2.15, 6.0.0 - 6.0.17
    • (no CPE)range: 7.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.