← Voltar para CVEs
CVE-2024-23113
CRITICALCISA KEV9.8
Descricao
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/15/2024
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorFortinet
ProdutoMultiple Products
Nome da vulnerabilidadeFortinet Multiple Products Format String Vulnerability
Data inclusao KEV2024-10-09
Prazo de remediacao2024-10-30
Uso em ransomwareUnknown
Produtos afetados
fortinet:fortiosfortinet:fortipamfortinet:fortiproxyfortinet:fortiswitchmanager
Fraquezas (CWE)
CWE-134
Referencias
https://fortiguard.com/psirt/FG-IR-24-029(psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-24-029(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.