Fortinet: >> Fortiswitchmanager >> 7.2.2 Security Vulnerabilities
CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Known exploited
CVSS Score
9.8
EPSS Score
0.58
Published
2024-02-15
An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2
7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-07
Page 2