cve/2024/CVE-2024-23113.md

### [CVE-2024-23113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23113)
![](https://img.shields.io/static/v1?label=Product&message=FortiOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiPAM&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiProxy&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiSwitchManager&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%3D%207.2.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen)

### Description

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/cvedayprotech/CVE-2024-23113
- https://github.com/cvedayprotech3s/cve-2024-23113
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/foxymoxxy/CVE-2024-23113-POC
- https://github.com/labesterOct/CVE-2024-23113
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/tr1pl3ight/CVE-2024-23113-POC
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2024-23113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23113)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiOS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiPAM&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiProxy&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiSwitchManager&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%3D%207.2.3%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.2%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen)`

			`### Description`

			`A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/cvedayprotech/CVE-2024-23113`
			`- https://github.com/cvedayprotech3s/cve-2024-23113`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/foxymoxxy/CVE-2024-23113-POC`
			`- https://github.com/labesterOct/CVE-2024-23113`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/tr1pl3ight/CVE-2024-23113-POC`