admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2023/36xxx/CVE-2023-36640.json
CVE Team df68a2919f
"-Synchronized-Data."
2024-05-14 17:00:38 +00:00

157 lines
7.0 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-36640",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-134"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.4"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.10"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.14"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
},
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.7"
}
]
}
},
{
"product_name": "FortiPAM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.3"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.12"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.14"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.16"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-137",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-137"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiSwitchManager version 7.2.3 or above \nPlease upgrade to FortiSwitchManager version 7.0.3 or above \nPlease upgrade to FortiProxy version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.0.12 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiSASE version 22.4 or above \n"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink