CVE-2024-23113

CVE Database · CVE-2024-23113

CVE-2024-23113

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

61.72%

Published

Feb 15, 2024

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2024-10-09 · Due: 2024-10-30

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (7)

All weaponized →

TrickestTrickest PoC index GitHub PoCp33d/CVE-2024-23113★11 GitHub PoCCheckCve2/CVE-2024-23113★1 GitHub PoCpuckiestyle/CVE-2024-23113★1 GitHub PoCMAVRICK-1/cve-2024-23113-test-env★1 GitHub PoCvalornode/CVE-2024-23113★0 GitHub PoCMinhPham123456789/PoC-CVE-2024-23113★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-134

Affected Products (11)

fortinet · fortiproxyvulnerable

fortinet · fortiswitchmanagervulnerable

fortinet · fortiosvulnerable

fortinet · fortipamvulnerable

References (3)

https://fortiguard.com/psirt/FG-IR-24-029

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-24-029

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs