What is the severity of CVE-2023-48784?

CVE-2023-48784 is classified as a critical vulnerability due to its potential to allow local privileged attackers to execute arbitrary code.

How do I fix CVE-2023-48784?

To remediate CVE-2023-48784, upgrade to FortiOS version 7.4.2, 7.2.8, or 7.0.16 or later.

Which versions of FortiOS are affected by CVE-2023-48784?

CVE-2023-48784 affects FortiOS versions 7.4.1 and below, 7.2.7 and below, 7.0 all versions, and 6.4 all versions.

Who can exploit CVE-2023-48784?

CVE-2023-48784 can be exploited by local privileged attackers who have access to the CLI with a super-admin profile.

Is CVE-2023-48784 a remote vulnerability?

No, CVE-2023-48784 is a local vulnerability that requires physical or privileged CLI access to exploit.

Vulnerability/
CVE-2023-48784

medium

6.7

CWE

134 77

9/4/2024

2/12/2024

17/1/2025

CVE-2023-48784: FortiOS - Format String in CLI command

First published: Tue Apr 09 2024(Updated: )

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
FortiOS	>=7.4.0<=7.4.1
FortiOS	>=7.2.0<=7.2.7
FortiOS	>=7.0.0<=7.0.15
FortiOS	>=6.4
FortiOS	>=6.4.0<7.0.16
FortiOS	>=7.2.0<7.2.8
FortiOS	>=7.4.0<7.4.2

Remedy

Please upgrade to FortiOS version 7.4.2 or above Please upgrade to FortiOS version 7.2.8 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-48784?
CVE-2023-48784 is classified as a critical vulnerability due to its potential to allow local privileged attackers to execute arbitrary code.
How do I fix CVE-2023-48784?
To remediate CVE-2023-48784, upgrade to FortiOS version 7.4.2, 7.2.8, or 7.0.16 or later.
Which versions of FortiOS are affected by CVE-2023-48784?
CVE-2023-48784 affects FortiOS versions 7.4.1 and below, 7.2.7 and below, 7.0 all versions, and 6.4 all versions.
Who can exploit CVE-2023-48784?
CVE-2023-48784 can be exploited by local privileged attackers who have access to the CLI with a super-admin profile.
Is CVE-2023-48784 a remote vulnerability?
No, CVE-2023-48784 is a local vulnerability that requires physical or privileged CLI access to exploit.

agent/remedy
agent/type
agent/first-publish-date
agent/title
collector/the-register
source/The Register
alias/CVE-2024-26234
alias/CVE-2024-29988
alias/CVE-2024-21322
alias/CVE-2024-21323
alias/CVE-2024-29053
alias/CVE-2023-41677
alias/CVE-2023-48784
alias/CVE-2024-23662
alias/CVE-2024-22246
alias/CVE-2024-20348
agent/news-ai
agent/weakness
agent/references
agent/severity
agent/author
collector/mitre-cve
source/MITRE
agent/description
collector/fortiguard-psirt-latest
source/FortiGuard
agent/trending
agent/last-modified-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/fortinet
canonical/fortios
version/fortios/7.4.0
version/fortios/7.4.1
version/fortios/7.2.0
version/fortios/7.2.7
version/fortios/7.0.0
version/fortios/7.0.15
version/fortios/6.4
version/fortios/6.4.0