FG-IR-24-029: Format String Bug in fgfmd
First published: Thu Feb 08 2024(Updated: )
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. A third-party report is indicating this may be exploited in the wild.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS IPS Engine | >=7.4.0<=7.4.2 | |
| Fortinet FortiOS IPS Engine | >=7.2.0<=7.2.6 | |
| Fortinet FortiOS IPS Engine | >=7.0.0<=7.0.13 | |
| FortiGuard FortiPAM | >=1.2 | |
| FortiGuard FortiPAM | >=1.1 | |
| FortiGuard FortiPAM | >=1.0 | |
| Fortinet FortiProxy | >=7.4.0<=7.4.2 | |
| Fortinet FortiProxy | >=7.2.0<=7.2.8 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.15 | |
| Fortinet FortiSwitchManager | >=7.2.0<=7.2.3 | |
| Fortinet FortiSwitchManager | >=7.0.0<=7.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-24-029?
The severity of FG-IR-24-029 is high, as it may allow remote unauthenticated attackers to execute arbitrary code.
How do I fix FG-IR-24-029?
To fix FG-IR-24-029, upgrade FortiOS to version 7.4.3 or higher, or apply the appropriate patches for affected versions.
What products are affected by FG-IR-24-029?
FG-IR-24-029 affects multiple versions of FortiOS, FortiProxy, FortiSwitchManager, and FortiPAM.
Can FG-IR-24-029 be exploited in the wild?
Yes, reports indicate that FG-IR-24-029 can be exploited in the wild by attackers.
Is there a workaround for FG-IR-24-029 before applying a patch?
There is no specific workaround for FG-IR-24-029, so it is recommended to apply available patches promptly.
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2024-23113
- agent/event
- agent/source
- agent/tags
- collector/fortiguard-psirt
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortios ips engine
- version/fortinet fortios ips engine/7.4.0
- version/fortinet fortios ips engine/7.4.2
- version/fortinet fortios ips engine/7.2.0
- version/fortinet fortios ips engine/7.2.6
- version/fortinet fortios ips engine/7.0.0
- version/fortinet fortios ips engine/7.0.13
- canonical/fortiguard fortipam
- version/fortiguard fortipam/1.2
- version/fortiguard fortipam/1.1
- version/fortiguard fortipam/1.0
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/7.4.0
- version/fortinet fortiproxy/7.4.2
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.8
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.15
- canonical/fortinet fortiswitchmanager
- version/fortinet fortiswitchmanager/7.2.0
- version/fortinet fortiswitchmanager/7.2.3
- version/fortinet fortiswitchmanager/7.0.0
- version/fortinet fortiswitchmanager/7.0.3