SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2024-23113

CVE-2024-23113: Fortinet FortiProxy RCE Vulnerability

CVE-2024-23113 is a format string RCE vulnerability in Fortinet FortiProxy that enables attackers to execute unauthorized code via specially crafted packets. This article covers the technical details, affected versions, and mitigation.

Updated:

CVE-2024-23113 Overview

A use of externally-controlled format string vulnerability has been identified in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3. This vulnerability allows attackers to execute unauthorized code or commands via specially crafted packets.

Critical Impact

This vulnerability can lead to remote code execution, making it a critical concern for network security.

Affected Products

  • Fortinet FortiOS
  • Fortinet FortiProxy
  • Fortinet FortiSwitchManager

Discovery Timeline

  • Not Available - Vulnerability discovered by Not Available
  • Not Available - Responsible disclosure to Fortinet
  • 2024-02-15 - CVE CVE-2024-23113 assigned
  • Not Available - Fortinet releases security patch
  • 2024-02-15 - CVE CVE-2024-23113 published to NVD
  • 2025-10-24 - Last updated in NVD database

Technical Details for CVE-2024-23113

Vulnerability Analysis

The vulnerability is due to an input validation error where a format string is improperly controlled, enabling attackers to inject and execute arbitrary commands on the system.

Root Cause

The root cause lies in the use of an externally-controlled format string, which fails to sanitize user input properly before using it in formatting functions.

Attack Vector

The attack vector is over the network, where an attacker can send specially crafted packets to exploit the format string vulnerability.

c
// Example exploitation code (sanitized)
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv) {
    char buffer[100];
    snprintf(buffer, sizeof(buffer), argv[1]); // Vulnerable line
    printf("%s\n", buffer);
    return 0;
}

Detection Methods for CVE-2024-23113

Indicators of Compromise

  • Unexpected format string errors in application logs
  • Unauthorized code execution logs
  • Anomalous network traffic directed at vulnerable services

Detection Strategies

Deploy network intrusion detection systems (NIDS) configured to monitor and alert on attempts to exploit format string vulnerabilities. Use heuristics to detect unusual patterns in application logs indicative of format string misuse.

Monitoring Recommendations

Monitor application logs for format string errors and network traffic for patterns that match crafted packet signatures. Use SentinelOne's advanced EDR capabilities to detect and block exploits targeting this vulnerability.

How to Mitigate CVE-2024-23113

Immediate Actions Required

  • Disable affected services until patched
  • Implement input validation to sanitize all user inputs
  • Restrict network access to vulnerable services

Patch Information

Apply the latest security patches provided by Fortinet as per Vendor Advisory.

Workarounds

As a temporary measure, ensure that format strings are not influenced by user inputs. Implement network-level access controls to limit exposure.

bash
# Configuration example
iptables -A INPUT -p tcp --dport 80 -s <trusted IP> -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne