{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45583","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-10-09T08:01:29.296Z","datePublished":"2024-05-14T16:19:18.797Z","dateUpdated":"2024-08-02T20:21:16.756Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.4","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.10","status":"affected"}]},{"vendor":"Fortinet","product":"FortiPAM","defaultStatus":"unaffected","versions":[{"version":"1.1.0","status":"affected"},{"versionType":"semver","version":"1.0.0","lessThanOrEqual":"1.0.3","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSwitchManager","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.2","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.2","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"version":"7.4.0","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.5","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.12","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.15","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.16","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2024-05-14T16:19:18.797Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-134","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiSwitchManager version 7.2.3 or above \nPlease upgrade to FortiSwitchManager version 7.0.3 or above \nPlease upgrade to FortiProxy version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.0.12 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiSASE version 22.4 or above \n"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-137","url":"https://fortiguard.com/psirt/FG-IR-23-137"}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-45583","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-14T17:49:39.269934Z"}}}],"affected":[{"cpes":["cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortiproxy","versions":[{"status":"affected","version":"7.2.0","versionType":"custom","lessThanOrEqual":"7.2.5"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortiproxy","versions":[{"status":"affected","version":"7.0.0","versionType":"custom","lessThanOrEqual":"7.0.11"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortiproxy","versions":[{"status":"affected","version":"1.0.0","versionType":"custom","lessThanOrEqual":"2.*"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortiswitchmanager","versions":[{"status":"affected","version":"7.0.0","versionType":"custom","lessThanOrEqual":"7.0.2"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortiswitchmanager","versions":[{"status":"affected","version":"7.2.0","versionType":"custom","lessThanOrEqual":"7.2.2"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"7.4.0"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"7.2.0","versionType":"custom","lessThanOrEqual":"7.2.5"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"7.0.0"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"6.4.0"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"6.2.0"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortios","versions":[{"status":"affected","version":"6.0.0","versionType":"custom","lessThanOrEqual":"6.0.16"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"],"vendor":"fortinet","product":"fortipam","versions":[{"status":"affected","version":"1.0.0","versionType":"custom","lessThanOrEqual":"1.1.*"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:19:59.485Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:21:16.756Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-137","url":"https://fortiguard.com/psirt/FG-IR-23-137","tags":["x_transferred"]}]}]}}