PT-2024-3560 · Fortinet · FortiSwitchManager +3

Published: 2024-05-14 · Updated: 2024-05-23 · CVE-2023-45583

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiProxy versions 1.1.0 through 1.2.13
FortiProxy versions 2.0.0 through 2.0.13
FortiProxy versions 7.0.0 through 7.2.5
FortiPAM versions 1.0.0 through 1.1.0
FortiOS versions 6.2.0 through 7.4.0
FortiSwitchManager versions 7.0.0 through 7.2.2
Description

The vulnerability stems from the use of externally-controlled format strings in the command line interpreter and httpd of FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. This allows an attacker to execute unauthorized code or commands via specially crafted CLI commands and HTTP requests.
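The weakness class named above (externally-controlled format string) is easiest to recognise in code. The C program below is an added illustration for this advisory, not code from Fortinet or from the affected products, and it uses hypothetical helper names (format_vulnerable, format_fixed, contains_format_directive) and a constructed sample input. It places the vulnerable pattern, where untrusted text becomes the format argument of a printf-family call, beside the hardened form, and adds the boundary check a reviewer would want at a CLI or HTTP parsing layer. The sample input uses only a "%%" directive so the contrast stays well defined and runnable; it shows that the formatter acts on the input rather than treating it as data.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed sample input (not from the advisory): ordinary-looking text
 * that carries a format directive ("%%"), the kind of content an untrusted
 * CLI argument or HTTP request field could contain. */
static const char SAMPLE_INPUT[] = "progress: 100%% done";

/* Hypothetical logging helper showing the weakness class (CWE-134, "Use of
 * Externally-Controlled Format String"): the untrusted text is passed to
 * snprintf as the FORMAT argument, so the formatter parses and acts on any
 * '%' directives it contains. Deliberately vulnerable; kept for contrast. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
const char *format_vulnerable(const char *untrusted)
{
    static char out[128];
    /* BUG: attacker-controlled string used as the format string. */
    snprintf(out, sizeof out, untrusted);
    return out;
}
#pragma GCC diagnostic pop

/* Hardened form: the format string is a constant; the untrusted text is
 * consumed only by a "%s" conversion and is never parsed for directives. */
const char *format_fixed(const char *untrusted)
{
    static char out[128];
    snprintf(out, sizeof out, "%s", untrusted);
    return out;
}

/* Boundary check for code paths that cannot change the sink immediately:
 * flags input carrying format directives so it can be rejected or logged
 * before it reaches any printf-family function. */
bool contains_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    printf("input     : %s\n", SAMPLE_INPUT);
    printf("vulnerable: %s\n", format_vulnerable(SAMPLE_INPUT)); /* "%%" collapsed to "%" */
    printf("fixed     : %s\n", format_fixed(SAMPLE_INPUT));      /* text passed through intact */
    printf("flagged   : %s\n", contains_format_directive(SAMPLE_INPUT) ? "yes" : "no");
    return 0;
}
```

Two practical notes. First, GCC and Clang already flag the vulnerable call with -Wformat-security (and -Wformat-nonliteral); the pragmas in the block exist only to let the deliberately bad example compile cleanly, so a real build should keep those warnings on, ideally as errors. Second, the advisory's CVSS vector carries PR:H, meaning the attacker needs high privileges (an administrative session) to reach the vulnerable CLI and httpd code paths, which is why the interim workaround of restricting access to those interfaces materially reduces exposure until the update is applied.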
Recommendations

For FortiProxy versions 1.1.0 through 1.2.13, update to a version outside of the affected range.
For FortiProxy versions 2.0.0 through 2.0.13, update to a version outside of the affected range.
For FortiProxy versions 7.0.0 through 7.2.5, update to a version outside of the affected range.
For FortiPAM versions 1.0.0 through 1.1.0, update to a version outside of the affected range.
For FortiOS versions 6.2.0 through 7.4.0, update to a version outside of the affected range.
For FortiSwitchManager versions 7.0.0 through 7.2.2, update to a version outside of the affected range.

As a temporary workaround, consider restricting access to the command line interpreter and httpd to minimize the risk of exploitation.

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

BDU:2024-03865
CVE-2023-45583

Affected Products

FortiOS
FortiPAM
FortiProxy
FortiSwitchManager