FortiOS.HTTPSd.Daemon.CVE-2023-36639.Memory.Corruption

Description

This indicates an attack attempt to exploit a Format String vulnerability in FortiOS, FortiProxy and FortiPAM.
A format string vulnerability in the HTTPSd daemon of FortiOS, FortiProxy and FortiPAM may allow an authenticated user to execute unauthorized code or commands via specially crafted API requests.

Affected Products

FortiOS 7.4.0
FortiOS 7.2.0 through 7.2.4
FortiOS 7.0.0 through 7.0.11
FortiOS 6.4.0 through 6.4.12
FortiOS 6.2.0 through 6.2.15
FortiOS 6.0 all versions
FortiPAM 1.1.0
FortiPAM 1.0 all versions
FortiProxy 7.2.0 through 7.2.4
FortiProxy 7.0.0 through 7.0.10

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.fortiguard.com/psirt/FG-IR-23-138

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Status    Detail
2024-01-09  26.711   Modified  Name:FG-VD-53438.0day:FortiOS.HTTPSd.Daemon.CVE-2023-36639.Memory.Corruption
2023-08-16  25.622   Modified  Default_action:pass:drop
2023-08-07  25.615   New