CVE-2024-23113 (GCVE-0-2024-23113)
Vulnerability from cvelistv5 – Published: 2024-02-15 13:59 – Updated: 2025-10-21 23:05Summary
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-134 - Execute unauthorized code or commands
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-24-029 | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSwitchManager |
Affected:
7.2.0 , ≤ 7.2.3
(semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver) |
|
| Fortinet | FortiOS |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver) Affected: 7.0.0 , ≤ 7.0.13 (semver) |
|
| Fortinet | FortiPAM |
Affected:
1.2.0
Affected: 1.1.0 , ≤ 1.1.2 (semver) Affected: 1.0.0 , ≤ 1.0.3 (semver) |
|
| Fortinet | FortiProxy |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) |
|
| fortinet | fortiswitchmanager |
Affected:
7.2.0 , ≤ 7.2.3
(semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver) cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:* |
|
| fortinet | fortios |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver) Affected: 7.0.0 , ≤ 7.0.13 (semver) cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:* |
|
| fortinet | fortiproxy |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* |
|
| fortinet | fortipam |
Affected:
1.1.0 , ≤ 1.1.2
(semver)
Affected: 1.0.0 , ≤ 1.0.3 (semver) Affected: 1.2.0 cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:* |
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 78a4f3c7-077d-4afa-945e-9cc0d076a86d
Exploited: Yes
Timestamps
First Seen: 2024-10-09
Asserted: 2024-10-09
Scope
Notes: KEV entry: Fortinet Multiple Products Format String Vulnerability | Affected: Fortinet / Multiple Products | Description: Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-24-029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23113
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-134 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Multiple Products |
| Due Date | 2024-10-30 |
| Date Added | 2024-10-09 |
| Vendorproject | Fortinet |
| Vulnerabilityname | Fortinet Multiple Products Format String Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:26 UTC
| Updated: 2026-02-06 07:17 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 18f94650-fa88-4b21-b6e4-eca40b93e5b7
Exploited: Yes
Timestamps
First Seen: 2024-10-09
Asserted: 2024-10-09
Scope
Notes: KEVIntel entry: A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13,... | Affected: Fortinet / FortiSwitchManager, FortiOS, FortiPAM, FortiProxy | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13,... |
| Vendor | Fortinet |
| Product | FortiSwitchManager, FortiOS, FortiPAM, FortiProxy |
| Added Date | 2024-10-09T00:00:00.000Z |
| Cvss Score | 9.8 |
| Epss Score | None |
| Cvss Severity | CRITICAL |
| Epss Percentile | None |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
Created: 2026-06-23 14:05 UTC
| Updated: 2026-06-23 14:05 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-029",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-029"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiswitchmanager",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiswitchmanager",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortios",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortios",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortios",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiproxy",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiproxy",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiproxy",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortipam",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortipam",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortipam",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23113",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T12:58:44.488595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-10-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:24.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-09T00:00:00.000Z",
"value": "CVE-2024-23113 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiSwitchManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiPAM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T13:59:25.313Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-029",
"url": "https://fortiguard.com/psirt/FG-IR-24-029"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiPAM version 1.2.1 or above \nPlease upgrade to FortiPAM version 1.1.3 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.16 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-23113",
"datePublished": "2024-02-15T13:59:25.313Z",
"dateReserved": "2024-01-11T16:29:07.980Z",
"dateUpdated": "2025-10-21T23:05:24.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2024-23113",
"cwes": "[\"CWE-134\"]",
"dateAdded": "2024-10-09",
"dueDate": "2024-10-30",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://www.fortiguard.com/psirt/FG-IR-24-029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23113",
"product": "Multiple Products",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.",
"vendorProject": "Fortinet",
"vulnerabilityName": "Fortinet Multiple Products Format String Vulnerability"
},
"epss": {
"cve": "CVE-2024-23113",
"date": "2026-07-02",
"epss": "0.61725",
"percentile": "0.99064"
},
"fkie_nvd": {
"cisaActionDue": "2024-10-30",
"cisaExploitAdd": "2024-10-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Fortinet Multiple Products Format String Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.14\", \"matchCriteriaId\": \"94C6FBEA-B8B8-4A92-9CAF-F4A125577C3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndIncluding\": \"7.2.8\", \"matchCriteriaId\": \"406F8C48-85CE-46AF-BE5C-0ED9E3E16A39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.4.0\", \"versionEndIncluding\": \"7.4.2\", \"matchCriteriaId\": \"A8DD8789-6485-49E6-92D3-74004D9B6E9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.3\", \"matchCriteriaId\": \"CF2B9FD3-9581-465E-A5E1-A1BCEFB0DFA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndIncluding\": \"7.2.3\", \"matchCriteriaId\": \"094185B2-8DC1-46C2-B160-31BEEFDB2CC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.13\", \"matchCriteriaId\": \"DF27CA2F-3F4C-4CCB-B832-0E792673C429\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndIncluding\": \"7.2.6\", \"matchCriteriaId\": \"24D09A92-81EC-4003-B017-C67FC739EEBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.4.0\", \"versionEndIncluding\": \"7.4.2\", \"matchCriteriaId\": \"49C323D0-5B01-4DB2-AB98-7113D8E607B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndIncluding\": \"1.0.3\", \"matchCriteriaId\": \"3BA2C6ED-2765-4B56-9B37-10C50BD32C75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.1.0\", \"versionEndIncluding\": \"1.1.2\", \"matchCriteriaId\": \"D0060F1F-527F-4E91-A59F-F3141977CB7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D0927D1-F469-4344-B4C9-3190645F5899\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.\"}, {\"lang\": \"es\", \"value\": \"Un uso de cadena de formato controlada externamente en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, FortiProxy versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, versiones de FortiPAM 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, versiones de FortiSwitchManager 7.2.0 a 7.2.3, 7.0.0 a 7.0. 3 permite al atacante ejecutar c\\u00f3digo o comandos no autorizados a trav\\u00e9s de paquetes especialmente manipulados.\"}]",
"id": "CVE-2024-23113",
"lastModified": "2024-11-29T15:09:12.633",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-02-15T14:15:46.503",
"references": "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-24-029\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-24-029\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-23113\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2024-02-15T14:15:46.503\",\"lastModified\":\"2026-06-17T07:12:03.503\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.\"},{\"lang\":\"es\",\"value\":\"Un uso de cadena de formato controlada externamente en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, FortiProxy versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, versiones de FortiPAM 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, versiones de FortiSwitchManager 7.2.0 a 7.2.3, 7.0.0 a 7.0. 3 permite al atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de paquetes especialmente manipulados.\"}],\"affected\":[{\"source\":\"psirt@fortinet.com\",\"affectedData\":[{\"vendor\":\"Fortinet\",\"product\":\"FortiSwitchManager\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Fortinet\",\"product\":\"FortiOS\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.13\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Fortinet\",\"product\":\"FortiPAM\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"1.2.0\",\"status\":\"affected\"},{\"version\":\"1.1.0\",\"lessThanOrEqual\":\"1.1.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.0.0\",\"lessThanOrEqual\":\"1.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Fortinet\",\"product\":\"FortiProxy\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.15\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"fortinet\",\"product\":\"fortiswitchmanager\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortiswitchmanager\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortios\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.13\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortios\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.13\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortios\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.13\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortiproxy\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.15\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortiproxy\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.15\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortiproxy\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.4.0\",\"lessThanOrEqual\":\"7.4.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.2.0\",\"lessThanOrEqual\":\"7.2.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.15\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortipam\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"1.1.0\",\"lessThanOrEqual\":\"1.1.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.0.0\",\"lessThanOrEqual\":\"1.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.2.0\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortipam\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"1.1.0\",\"lessThanOrEqual\":\"1.1.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.0.0\",\"lessThanOrEqual\":\"1.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.2.0\",\"status\":\"affected\"}]},{\"vendor\":\"fortinet\",\"product\":\"fortipam\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"1.1.0\",\"lessThanOrEqual\":\"1.1.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.0.0\",\"lessThanOrEqual\":\"1.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.2.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-10-09T12:58:44.488595Z\",\"id\":\"CVE-2024-23113\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2024-10-09\",\"cisaActionDue\":\"2024-10-30\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Fortinet Multiple Products Format String Vulnerability\",\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.14\",\"matchCriteriaId\":\"94C6FBEA-B8B8-4A92-9CAF-F4A125577C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.8\",\"matchCriteriaId\":\"406F8C48-85CE-46AF-BE5C-0ED9E3E16A39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndIncluding\":\"7.4.2\",\"matchCriteriaId\":\"A8DD8789-6485-49E6-92D3-74004D9B6E9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"CF2B9FD3-9581-465E-A5E1-A1BCEFB0DFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.3\",\"matchCriteriaId\":\"094185B2-8DC1-46C2-B160-31BEEFDB2CC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.13\",\"matchCriteriaId\":\"DF27CA2F-3F4C-4CCB-B832-0E792673C429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.6\",\"matchCriteriaId\":\"24D09A92-81EC-4003-B017-C67FC739EEBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndIncluding\":\"7.4.2\",\"matchCriteriaId\":\"49C323D0-5B01-4DB2-AB98-7113D8E607B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.0.3\",\"matchCriteriaId\":\"3BA2C6ED-2765-4B56-9B37-10C50BD32C75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndIncluding\":\"1.1.2\",\"matchCriteriaId\":\"D0060F1F-527F-4E91-A59F-F3141977CB7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D0927D1-F469-4344-B4C9-3190645F5899\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-24-029\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-24-029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiSwitchManager\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"versionType\": \"semver\", \"version\": \"7.2.0\", \"lessThanOrEqual\": \"7.2.3\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"7.0.0\", \"lessThanOrEqual\": \"7.0.3\", \"status\": \"affected\"}]}, {\"vendor\": \"Fortinet\", \"product\": \"FortiOS\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"versionType\": \"semver\", \"version\": \"7.4.0\", \"lessThanOrEqual\": \"7.4.2\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"7.2.0\", \"lessThanOrEqual\": \"7.2.6\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"7.0.0\", \"lessThanOrEqual\": \"7.0.13\", \"status\": \"affected\"}]}, {\"vendor\": \"Fortinet\", \"product\": \"FortiPAM\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"version\": \"1.2.0\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"1.1.0\", \"lessThanOrEqual\": \"1.1.2\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"1.0.0\", \"lessThanOrEqual\": \"1.0.3\", \"status\": \"affected\"}]}, {\"vendor\": \"Fortinet\", \"product\": \"FortiProxy\", \"defaultStatus\": \"unaffected\", \"versions\": [{\"versionType\": \"semver\", \"version\": \"7.4.0\", \"lessThanOrEqual\": \"7.4.2\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"7.2.0\", \"lessThanOrEqual\": \"7.2.8\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"version\": \"7.0.0\", \"lessThanOrEqual\": \"7.0.15\", \"status\": \"affected\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.\"}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2024-02-15T13:59:25.313Z\"}, \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-134\", \"description\": \"Execute unauthorized code or commands\", \"type\": \"CWE\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C\"}}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiWeb version 7.4.3 or above \\nPlease upgrade to FortiVoice version 7.0.2 or above \\nPlease upgrade to FortiVoice version 6.4.9 or above \\nPlease upgrade to FortiSwitchManager version 7.2.4 or above \\nPlease upgrade to FortiSwitchManager version 7.0.4 or above \\nPlease upgrade to FortiOS version 7.4.3 or above \\nPlease upgrade to FortiOS version 7.2.7 or above \\nPlease upgrade to FortiOS version 7.0.14 or above \\nPlease upgrade to FortiAuthenticator version 7.0.0 or above \\nPlease upgrade to FortiPAM version 1.2.1 or above \\nPlease upgrade to FortiPAM version 1.1.3 or above \\nPlease upgrade to FortiProxy version 7.4.3 or above \\nPlease upgrade to FortiProxy version 7.2.9 or above \\nPlease upgrade to FortiProxy version 7.0.16 or above \\n\"}], \"references\": [{\"name\": \"https://fortiguard.com/psirt/FG-IR-24-029\", \"url\": \"https://fortiguard.com/psirt/FG-IR-24-029\"}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:51:11.285Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://fortiguard.com/psirt/FG-IR-24-029\", \"url\": \"https://fortiguard.com/psirt/FG-IR-24-029\", \"tags\": [\"x_transferred\"]}]}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23113\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T12:58:44.488595Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-10-09\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortiswitchmanager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.3\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.3\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortiswitchmanager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.3\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.3\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortios\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.6\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortios\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.6\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortios\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.6\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortiproxy\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.8\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.15\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortiproxy\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.8\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.15\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortiproxy\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.8\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.15\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortipam\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.1.2\"}, {\"status\": \"affected\", \"version\": \"1.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.0.3\"}, {\"status\": \"affected\", \"version\": \"1.2.0\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortipam\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.1.2\"}, {\"status\": \"affected\", \"version\": \"1.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.0.3\"}, {\"status\": \"affected\", \"version\": \"1.2.0\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortinet\", \"product\": \"fortipam\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.1.2\"}, {\"status\": \"affected\", \"version\": \"1.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.0.3\"}, {\"status\": \"affected\", \"version\": \"1.2.0\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-28T16:23:52.749Z\"}, \"timeline\": [{\"time\": \"2024-10-09T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2024-23113 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
"cveMetadata": "{\"cveId\": \"CVE-2024-23113\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"fortinet\", \"dateReserved\": \"2024-01-11T16:29:07.980Z\", \"datePublished\": \"2024-02-15T13:59:25.313Z\", \"dateUpdated\": \"2025-07-28T19:42:48.877Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…