A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fortinet
  • Fortios
  • Fortipam
  • Fortiproxy
  • Fortiswitchmanager

Configuration 1 [-]

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*

No data.

References
Link Providers
https://fortiguard.com/psirt/FG-IR-23-137 cve-icon cve-icon
History

Fri, 12 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortiswitchmanager
CPEs cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
Vendors & Products Fortinet fortiswitchmanager
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Description A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands
CPEs cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C'}
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-05-14T16:19:21.747Z

Updated: 2026-06-12T13:40:04.896Z

Reserved: 2023-06-25T18:03:39.227Z

Link: CVE-2023-36640

cve-icon Vulnrichment

Updated: 2024-08-02T16:52:54.010Z

cve-icon NVD

Status : Modified

Published: 2024-05-14T17:15:16.640

Modified: 2026-06-17T06:06:43.670

Link: CVE-2023-36640

cve-icon Redhat

No data.