CVE-2023-45583
Vulnerability from cvelistv5
Published
2024-05-14 16:19
Modified
2024-08-02 20:21
Severity
Summary
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.
References
Source | URL | Tags |
---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-137 | Vendor Advisory |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.11", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "2.*", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "7.4.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "7.0.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "6.4.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "6.2.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.16", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.*", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45583", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T17:49:39.269934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:59.485Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:16.756Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-137", "tags": [ "x_transferred" ], "url": "https://fortiguard.com/psirt/FG-IR-23-137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.4", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.10", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.1.0" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.2", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.2", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "7.4.0" }, { "lessThanOrEqual": "7.2.5", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T16:19:18.797Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.com/psirt/FG-IR-23-137", "url": "https://fortiguard.com/psirt/FG-IR-23-137" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiSwitchManager version 7.2.3 or above \nPlease upgrade to FortiSwitchManager version 7.0.3 or above \nPlease upgrade to FortiProxy version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.0.12 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiSASE version 22.4 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-45583", "datePublished": "2024-05-14T16:19:18.797Z", "dateReserved": "2023-10-09T08:01:29.296Z", "dateUpdated": "2024-08-02T20:21:16.756Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-45583\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2024-05-14T17:15:22.750\",\"lastModified\":\"2024-05-23T16:23:08.470\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.\"},{\"lang\":\"es\",\"value\":\"Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.5, 7.0.0 a 7.0.11, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13, 1.1.0 a 1.1. 6 Versiones de FortiPAM 1.1.0, 1.0.0 a 1.0.3 Versiones de FortiOS 7.4.0, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2. 15 Las versiones 7.2.0 a 7.2.2, 7.0.0 a 7.0.2 de FortiSwitchManager permiten a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de comandos cli y solicitudes http especialmente manipulados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"3D9BC2D4-EA5F-448E-A9FA-0445EF6CC9E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"CE24A52F-07B6-4E40-955B-7B71826AC299\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.3\",\"matchCriteriaId\":\"7F75C4E9-62F6-43F2-B941-476F31F8F39C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.3\",\"matchCriteriaId\":\"CC883A39-5441-45A6-AEEB-D916FA39F635\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"97097B62-E92F-49F7-9D48-472C4309A716\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.16\",\"matchCriteriaId\":\"E96C569E-0642-4FDD-B65F-A5926B69021A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndIncluding\":\"6.4.15\",\"matchCriteriaId\":\"884279B3-E480-44E1-B126-5C1029B6BE75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.12\",\"matchCriteriaId\":\"BA582D59-C740-4AE7-83CA-C09A1D0EDA88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.5\",\"matchCriteriaId\":\"A6E44123-995C-4E08-84B5-FF8C76B67B29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61540F5B-080A-4D44-8BE0-75D7A0DCCB53\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.0.3\",\"matchCriteriaId\":\"3BA2C6ED-2765-4B56-9B37-10C50BD32C75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC27DCF-F74C-431C-9545-F405D369AF22\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-137\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...