A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-138 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2023-12-13T06:42:44.194Z
Updated: 2023-12-13T06:42:44.194Z
Reserved: 2023-06-25T18:03:39.227Z
Link: CVE-2023-36639
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-13T07:15:12.900
Modified: 2023-12-15T18:54:15.480
Link: CVE-2023-36639
JSON object: View
Redhat Information
No data.
CWE