Externally-Controlled Format String Vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager

Externally-Controlled Format String Vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager

CVE-2024-23113 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

Learn more about our Cis Benchmark Audit For Apple Ios.