===================================================================== 

CERT-Renater 

Information Note No. 2024/VULN083
_____________________________________________________________________ 

DATE : 09/02/2024 

HARDWARE PLATFORM(S): / 

OPERATING SYSTEM(S): FortiOS - Format String Bug in fgfmd 

===================================================================== 
https://www.fortiguard.com/psirt/FG-IR-24-029 
_____________________________________________________________________ 


FortiOS - Format String Bug in fgfmd 

Summary 

A use of externally-controlled format string vulnerability [CWE-134] 
in FortiOS fgfmd daemon may allow a remote unauthenticated attacker 
to execute arbitrary code or commands via specially crafted requests. 

Version       Affected               Solution
FortiOS 7.4   7.4.0 through 7.4.2    Upgrade to 7.4.3 or above
FortiOS 7.2   7.2.0 through 7.2.6    Upgrade to 7.2.7 or above
FortiOS 7.0   7.0.0 through 7.0.13   Upgrade to 7.0.14 or above


Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool 

FortiOS 6.x is not affected. 


+-------------------------------------------------------------------- 

2) FortiOS - Format String Bug in fgfmd 

CVE-2024-23113 

SIR: High 

CVSS Score (v3.1): 9.8

URL: 
https://www.fortiguard.com/psirt/FG-IR-24-029 

========================================================= 
+ CERT-RENATER | tel : 01-53-94-20-44 + 
+ 23/25 Rue Daviel | fax : 01-53-94-20-41 + 
+ 75013 Paris | email:cert@support.renater.fr + 
========================================================= 

