CVE-2023-29181

CVE Database · CVE-2023-29181

CVE-2023-29181

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

0.72%

Published

Feb 22, 2024

Modified

Dec 10, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-134

Affected Products (8)

fortinet · fortiproxy (up to 2.0.13)vulnerable

fortinet · fortiproxy (up to 7.0.11)vulnerable

fortinet · fortiproxy (up to 7.2.5)vulnerable

fortinet · fortios (up to 6.2.15)vulnerable

fortinet · fortios (up to 6.4.13)vulnerable

fortinet · fortios (up to 7.0.12)vulnerable

fortinet · fortios (up to 7.2.5)vulnerable