
Cloud Vulnerability DB
A community-led vulnerabilities database
A format string vulnerability (CWE-134) was discovered in the HTTPSd daemon of FortiOS, FortiProxy, and FortiPAM. The vulnerability, identified as CVE-2023-36639, was internally discovered by Gwendal Guégniaud of Fortinet Product Security team during an internal audit of the SSL-VPN component. The vulnerability affects multiple versions of FortiOS (6.0.x through 7.4.0), FortiProxy (7.0.0 through 7.2.4), and FortiPAM (1.0.x and 1.1.0) (Fortinet Advisory).
The vulnerability is classified as a format string bug (CWE-134) that exists in the HTTPSd daemon. It received a CVSS v3.1 base score of 8.8 (High) from NVD with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Fortinet assigned it a score of 7.2 (High) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires the attacker to have Read/Write privileges on the administrative interface to perform the attack (NVD, Fortinet Advisory).
If successfully exploited, this vulnerability allows an authenticated user to execute unauthorized code or commands via specially crafted API requests. The potential impact includes system compromise, where remote attackers can gain control of vulnerable systems (Fortinet IPS).
Fortinet has released patches for the affected versions and recommends upgrading to the following releases: FortiOS 7.4.1 or above, 7.2.5 or above, 7.0.12 or above, 6.4.13 or above, or 6.2.16 or above; FortiProxy 7.2.5 or above or 7.0.11 or above; FortiPAM 1.1.1 or above. A virtual patch named 'FortiOS.HTTPSd.Daemon.CVE-2023-36639.Memory.Corruption' is available in the FMWP database update. Restricting administrative access with the 'trusted host' setting may limit exploitation, but it is not considered a valid workaround (Fortinet Advisory).
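As an added example (not part of this write-up or of any Fortinet tooling), the following Python check maps an inventoried product and version against the affected ranges and fixed releases quoted above; it assumes plain major.minor.patch version strings, and the inventory rows are constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges as stated above: FortiOS 6.0.x-7.4.0,
# FortiProxy 7.0.0-7.2.4, FortiPAM 1.0.x-1.1.0.
AFFECTED_RANGE: Dict[str, Tuple[Version, Version]] = {
    "FortiOS": ((6, 0, 0), (7, 4, 0)),
    "FortiProxy": ((7, 0, 0), (7, 2, 4)),
    "FortiPAM": ((1, 0, 0), (1, 1, 0)),
}

# First fixed release per (major, minor) branch, from the advisory figures above.
# FortiOS 6.0 and FortiPAM 1.0 are listed as affected with no fixed release.
FIXED_VERSIONS: Dict[str, Dict[Tuple[int, int], Version]] = {
    "FortiOS": {(7, 4): (7, 4, 1), (7, 2): (7, 2, 5), (7, 0): (7, 0, 12),
                (6, 4): (6, 4, 13), (6, 2): (6, 2, 16)},
    "FortiProxy": {(7, 2): (7, 2, 5), (7, 0): (7, 0, 11)},
    "FortiPAM": {(1, 1): (1, 1, 1)},
}


def parse_version(text: str) -> Version:
    """Parse 'v7.2.5' or '7.2.5' into a comparable (major, minor, patch) tuple."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(product: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (vulnerable_to_CVE-2023-36639, recommendation) for one install."""
    if product not in AFFECTED_RANGE:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    low, high = AFFECTED_RANGE[product]
    if not (low <= v <= high):
        return False, None  # outside the affected range entirely
    fixed = FIXED_VERSIONS[product].get((v[0], v[1]))
    if fixed is not None and v >= fixed:
        return False, None  # patched release on an affected branch (e.g. 7.0.12)
    if fixed is None:
        return True, "no fixed release on this branch in the advisory; move to a fixed branch"
    return True, "upgrade to %d.%d.%d or above" % fixed


def audit_inventory(rows: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (host, recommendation) for every vulnerable row of (host, product, version)."""
    findings = []
    for host, product, version in rows:
        vulnerable, advice = assess(product, version)
        if vulnerable:
            findings.append((host, advice or ""))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("fw-edge-1", "FortiOS", "7.0.11"), ("fw-edge-2", "FortiOS", "7.4.1"),
              ("proxy-1", "FortiProxy", "7.2.4"), ("pam-1", "FortiPAM", "1.0.3")]
    for host, advice in audit_inventory(sample):
        print(f"{host}: vulnerable, {advice}")
```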
Source: This report was generated using AI