Products
Fortinet FortiProxy
- 7.2.0 - 7.2.5
- 7.0.0 - 7.0.11
- 2.0.0 - 2.0.13
- 1.2.0 - 1.2.13
- 1.1.0 - 1.1.6
Fortinet FortiPAM
- 1.1.0
- 1.0.0 - 1.0.3
Fortinet FortiOS
- 7.4.0
- 7.2.0 - 7.2.5
- 7.0.0 - 7.0.13
- 6.4.0 - 6.4.14
- 6.2.0 - 6.2.15
Fortinet FortiSwitchManager
- 7.2.0 - 7.2.2
- 7.0.0 - 7.0.2
FortiPAM
- 1.1.0
- 1.0.0 - 1.0.3
FortiOS
- 7.4.0
- 7.2.0 - 7.2.5
- 7.0.0 - 7.0.13
- 6.4.0 - 6.4.14
- 6.2.0 - 6.2.15
FortiSwitchManager
- 7.2.0 - 7.2.2
- 7.0.0 - 7.0.2
Source
psirt@fortinet.com
Tags
CVE-2023-45583 details
Last Modified : May 14, 2024, 7:17 p.m.
Description
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.7 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.7
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://fortiguard.com/psirt/FG-IR-23-137 | psirt@fortinet.com |