CVE-2024-23113 - Fortinet Multiple Products Format String Vulnerability
Project: Fortinet
Product: Multiple Products
Date Added: 2024-10-09
Due Date: 2024-10-30
Vulnerability Name
Fortinet Multiple Products Format String Vulnerability
Description
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-24-029
https://nvd.nist.gov/vuln/detail/CVE-2024-23113
Related News Articles
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack - October 22, 2024
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) - October 15, 2024
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches - October 10, 2024
CISA says critical Fortinet RCE flaw now exploited in attacks - October 10, 2024