What is the severity of FG-IR-23-137?

FG-IR-23-137 has a high severity rating due to the potential for arbitrary code execution by an authenticated attacker.

How do I fix FG-IR-23-137?

To fix FG-IR-23-137, upgrade FortiOS, FortiProxy, FortiPAM, or FortiSwitchManager to the recommended versions or later.

Which products are affected by FG-IR-23-137?

FG-IR-23-137 affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager with various version ranges.

Can FG-IR-23-137 be exploited remotely?

FG-IR-23-137 requires authentication, hence exploitation must come from an authenticated attacker.

What are the potential impacts of FG-IR-23-137?

The potential impacts of FG-IR-23-137 include arbitrary code execution, which can lead to system compromise.

Vulnerability/
FG-IR-23-137

medium

6.5

14/5/2024

23/10/2024

FG-IR-23-137: Format String Bug in cli command

First published: Tue May 14 2024(Updated: )

Multiple format string bug vulnerabilitues [CWE-134] in FortiOS, FortiProxy, FortiPAM & FortiSwitchManager command line interpreter and httpd may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands and http requests.

Affected Software	Affected Version	How to fix
Fortinet FortiOS IPS Engine	=.
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.5
Fortinet FortiOS IPS Engine	>=7.0
Fortinet FortiOS IPS Engine	>=6.4
Fortinet FortiOS IPS Engine	>=6.2
Fortinet FortiOS IPS Engine	>=6.0.0<=6.0.16
FortiGuard FortiPAM	=.
FortiGuard FortiPAM	>=1.0
Fortinet FortiProxy	>=7.2.0<=7.2.5
Fortinet FortiProxy	>=7.0.0<=7.0.11
Fortinet FortiProxy	>=2.0
Fortinet FortiProxy	>=1.2
Fortinet FortiProxy	>=1.1
Fortinet FortiProxy	>=1.0
Fortinet FortiSwitchManager	>=7.2.0<=7.2.2
Fortinet FortiSwitchManager	>=7.0.0<=7.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-23-137?
FG-IR-23-137 has a high severity rating due to the potential for arbitrary code execution by an authenticated attacker.
How do I fix FG-IR-23-137?
To fix FG-IR-23-137, upgrade FortiOS, FortiProxy, FortiPAM, or FortiSwitchManager to the recommended versions or later.
Which products are affected by FG-IR-23-137?
FG-IR-23-137 affects FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager with various version ranges.
Can FG-IR-23-137 be exploited remotely?
FG-IR-23-137 requires authentication, hence exploitation must come from an authenticated attacker.
What are the potential impacts of FG-IR-23-137?
The potential impacts of FG-IR-23-137 include arbitrary code execution, which can lead to system compromise.

agent/type
agent/first-publish-date
agent/severity
agent/title
agent/references
agent/softwarecombine
agent/description
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2023-36640
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/fortiguard-psirt
alias/CVE-2023-45583
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/.
version/fortinet fortios ips engine/7.2.0
version/fortinet fortios ips engine/7.2.5
version/fortinet fortios ips engine/7.0
version/fortinet fortios ips engine/6.4
version/fortinet fortios ips engine/6.2
version/fortinet fortios ips engine/6.0.0
version/fortinet fortios ips engine/6.0.16
canonical/fortiguard fortipam
version/fortiguard fortipam/.
version/fortiguard fortipam/1.0
canonical/fortinet fortiproxy
version/fortinet fortiproxy/7.2.0
version/fortinet fortiproxy/7.2.5
version/fortinet fortiproxy/7.0.0
version/fortinet fortiproxy/7.0.11
version/fortinet fortiproxy/2.0
version/fortinet fortiproxy/1.2
version/fortinet fortiproxy/1.1
version/fortinet fortiproxy/1.0
canonical/fortinet fortiswitchmanager
version/fortinet fortiswitchmanager/7.2.0
version/fortinet fortiswitchmanager/7.2.2
version/fortinet fortiswitchmanager/7.0.0
version/fortinet fortiswitchmanager/7.0.2