Fortinet Product Security Update Advisory (CVE-2024-23113)
Overview
An update has been released to address vulnerabilities in Fortinet products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-23113
- FortiOS versions: 7.4.0 (inclusive) ~ 7.4.2 (inclusive)
- FortiOS versions: 7.2.0 (inclusive) ~ 7.2.6 (inclusive)
- FortiOS versions: 7.0.0 (inclusive) ~ 7.0.13 (inclusive)
- FortiPAM version: 1.0 all versions
- FortiPAM version: 1.1 all versions
- FortiPAM version: 1.2 all versions
- FortiProxy versions: 7.4.0 (inclusive) ~ 7.4.2 (inclusive)
- FortiProxy versions: 7.2.0 (inclusive) ~ 7.2.8 (inclusive)
- FortiProxy versions: 7.0.0 (inclusive) ~ 7.0.15 (inclusive)
- FortiWeb versions: 7.4.0 (inclusive) ~ 7.4.2 (inclusive)
Resolved Vulnerabilities
Format string vulnerability in FortiOS, FortiPAM, FortiProxy, and FortiWeb (CVE-2024-23113)
Vulnerability Patches
The following product-specific patches are available in the latest update. If you are using an affected version, follow the instructions on the referenced sites to update to a patched version.
CVE-2024-23113
- FortiOS version: 7.4.3 or later version
- FortiOS version: 7.2.7 or later version
- FortiOS version: 7.0.14 or later version
- FortiPAM version: migrate to a fixed release (1.3)
- FortiProxy version: 7.4.3 or later version
- FortiProxy version: 7.2.9 or later version
- FortiProxy version: 7.0.16 or later version
- FortiWeb version: 7.4.3 or later version
References
[1] CVE-2024-23113 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-23113
[2] Format String Bug in fgfmd
https://www.fortiguard.com/psirt/FG-IR-24-029
[3] Upgrade Path Tool Table