CVE-2023-36640 in FortiProxy
Summary
by MITRE • 05/14/2024
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 06/12/2026
This vulnerability represents a critical format string attack vector that affects multiple Fortinet security products including FortiProxy, FortiPAM, and FortiOS across numerous version ranges. The flaw resides in the improper handling of user-supplied input within format string operations, creating an environment where malicious actors can manipulate program execution flow through carefully crafted input sequences. The vulnerability specifically impacts versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7 for FortiProxy, along with corresponding FortiOS versions spanning from 7.2.0 down to 6.0.16. This vulnerability maps directly to CWE-134 which defines the weakness of using externally-controlled format strings in printf-style functions. The security implications are severe as attackers can exploit this flaw to execute arbitrary code or commands on the affected systems, potentially leading to complete system compromise and unauthorized access to sensitive network resources.
The technical exploitation of this vulnerability occurs when the vulnerable software processes user input without proper sanitization within format string functions such as printf, sprintf, or related operations. Attackers can craft malicious input sequences that contain format specifiers like %s, %d, or %x which, when processed by the vulnerable application, can lead to memory corruption, information disclosure, or code execution. The attack typically involves manipulating the format string to read from or write to specific memory locations, potentially allowing attackers to overwrite function pointers, inject malicious code, or bypass security controls. This type of vulnerability is particularly dangerous in network security appliances like FortiProxy and FortiOS as these devices often operate with elevated privileges and control critical network traffic flows.
The operational impact of this vulnerability extends beyond simple code execution to encompass complete system compromise and potential network infiltration. When exploited successfully, attackers can gain unauthorized access to sensitive network infrastructure, potentially allowing them to intercept communications, modify traffic flows, or establish persistent backdoors within the network environment. The affected FortiProxy appliances serve as critical security gateways for managing and controlling network access, while FortiOS devices function as core network security platforms protecting enterprise environments. The widespread version ranges affected indicate that organizations running any of these vulnerable versions are at risk of exploitation, potentially affecting thousands of network security devices across multiple organizations. This vulnerability aligns with ATT&CK technique T1059 which describes the use of command and scripting interpreters for execution, as attackers can leverage the format string vulnerability to execute arbitrary commands on the target systems.
Organizations should implement immediate mitigations including applying the latest security patches released by Fortinet, which address the format string vulnerability through proper input validation and sanitization. Network segmentation and access control measures should be strengthened to limit potential exploitation paths, while monitoring systems should be enhanced to detect suspicious input patterns that might indicate exploitation attempts. Regular vulnerability assessments and penetration testing should be conducted to identify any remaining exposure within the network infrastructure. Additionally, security teams should implement proper input validation controls at all network boundaries and ensure that all Fortinet products are running patched versions to prevent exploitation. The vulnerability highlights the critical importance of proper input validation and secure coding practices, particularly in security-critical applications where format string vulnerabilities can provide attackers with direct paths to system compromise and unauthorized access to sensitive network resources.