CVE-2024-23113 PoC — Fortinet FortiOS Format String Vulnerability

Source
Associated Vulnerability
Title: Fortinet FortiOS Format String Vulnerability (CVE-2024-23113)
Description: A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Readme
# cve-2024-23113

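CVE-2024-23113 is a serious security vulnerability affecting several Fortinet products, including FortiOS, FortiProxy, FortiPAM and FortiSwitchManager. It allows an unauthenticated remote attacker to execute arbitrary code or commands on an affected device through specially crafted requests, which can lead to complete compromise of the system.

Specifically, an attacker can exploit the vulnerability by sending carefully constructed packets that trigger a format string flaw, resulting in execution of malicious code on the target device. This can lead to disclosure of sensitive information, a system crash, or use of the device in further attacks.

The vulnerability has a CVSS score of 9.8, placing it in the high-risk category, and it has been added to the Known Exploited Vulnerabilities catalog of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Affected users are therefore strongly advised to update to the fixed versions provided by Fortinet as soon as possible to prevent potential security risks.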
File Snapshot

[4.0K] /data/pocs/fea724ea12075dec68e19bbb3ae688a37a2de70a
├── [ 11K] LICENSE
├── [4.2K] POC-CVE-2024-23113.py
└── [ 841] README.md

0 directories, 3 files