CVE-2023-45583 – This CVE describes a format string vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2023-45583?

CVE-2023-45583 has a CVSS score of 6.7 (MEDIUM). This CVE describes a format string vulnerability in multiple Fortinet products that allows attackers to execute arbitrary code or commands. The vulnerability affects FortiProxy, FortiPAM, FortiOS, and FortiSwitchManager across multiple versions. Attackers can exploit this via specially crafted CLI commands or HTTP requests.

📋 TL;DR

This CVE describes a format string vulnerability in multiple Fortinet products that allows attackers to execute arbitrary code or commands. The vulnerability affects FortiProxy, FortiPAM, FortiOS, and FortiSwitchManager across multiple versions. Attackers can exploit this via specially crafted CLI commands or HTTP requests.

💻 Affected Systems

Products:

FortiProxy
FortiPAM
FortiOS
FortiSwitchManager

Versions: FortiProxy: 7.2.0-7.2.5, 7.0.0-7.0.11, 2.0.0-2.0.13, 1.2.0-1.2.13, 1.1.0-1.1.6; FortiPAM: 1.1.0, 1.0.0-1.0.3; FortiOS: 7.4.0, 7.2.0-7.2.5, 7.0.0-7.0.13, 6.4.0-6.4.14, 6.2.0-6.2.15; FortiSwitchManager: 7.2.0-7.2.2, 7.0.0-7.0.2

Operating Systems: FortiOS-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both CLI and HTTP interfaces. All default configurations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with root/admin privileges, allowing complete control over affected devices, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Unauthorized command execution leading to configuration changes, data access, or installation of backdoors on vulnerable devices.

🟢

If Mitigated

Limited impact due to network segmentation, proper access controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH - Directly accessible devices can be exploited remotely via HTTP requests.

🏢 Internal Only: MEDIUM - Requires CLI access or internal network access, but still significant if exploited.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authentication for CLI exploitation or network access for HTTP exploitation. Format string vulnerabilities typically require specific knowledge of memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiProxy: 7.2.6, 7.0.12, 2.0.14, 1.2.14, 1.1.7; FortiPAM: 1.1.1, 1.0.4; FortiOS: 7.4.1, 7.2.6, 7.0.14, 6.4.15, 6.2.16; FortiSwitchManager: 7.2.3, 7.0.3

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-137

Restart Required: Yes

Instructions:

1. Download appropriate firmware from Fortinet support portal. 2. Backup current configuration. 3. Upload firmware via web interface or CLI. 4. Reboot device after installation. 5. Verify successful upgrade.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit CLI access to trusted administrators only using access control lists and strong authentication.

config system admin
edit <admin_user>
set trusthost1 <trusted_ip> <mask>
end

Network Segmentation

all

Place affected devices behind firewalls and restrict HTTP/HTTPS access to management interfaces.

🧯 If You Can't Patch

Isolate affected devices from internet and critical internal networks
Implement strict network access controls and monitor for suspicious CLI/HTTP activity

🔍 How to Verify

Check if Vulnerable:

Check current firmware version via CLI: 'get system status' or web interface: System > Dashboard

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify firmware version is at or above patched versions listed in vendor advisory

📡 Detection & Monitoring

Log Indicators:

Unusual CLI command execution patterns
HTTP requests with format string characters (%n, %s, %x)
Multiple failed authentication attempts followed by successful access

Network Indicators:

Unusual outbound connections from Fortinet devices
HTTP requests to management interfaces from unexpected sources

SIEM Query:

source="fortinet" AND (event_type="cli_command" OR http_method="POST") AND (message="*%*" OR user="unknown")

📊 Metadata

CVE ID: CVE-2023-45583

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-134

Published: May 14, 2024

Last Updated: November 21, 2024

🔗 References

https://fortiguard.com/psirt/FG-IR-23-137 Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-137 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-45583, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortipam by Fortinet

Fortipam by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortiswitchmanager by Fortinet

Fortiswitchmanager by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict CLI Access

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities