CVE-2023-36640: 
FortiOS vulnerability analysis and mitigation

A format string vulnerability (CWE-134) was discovered in multiple Fortinet products including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. The vulnerability affects the command line interpreter and httpd components, which could allow an authenticated attacker to execute arbitrary code through specially crafted commands and HTTP requests (Fortiguard PSIRT, CVE Mitre).

The vulnerability is classified as a medium severity issue with a CVSSv3 score of 6.5. It specifically involves the use of externally-controlled format strings in the CLI component and httpd daemon. The vulnerability was internally discovered during an audit of the SSL-VPN component by Fortinet's Product Security team members Gwendal Guégniaud and Théo Leleu (Fortiguard PSIRT).

If successfully exploited, this vulnerability allows an authenticated attacker to execute unauthorized code or commands on affected systems through specifically crafted commands and HTTP requests (Fortiguard PSIRT).

Fortinet has released patches for affected products and versions. Users should upgrade to the following versions: FortiOS 7.4.1 or above (for 7.4.0), FortiOS 7.2.6 or above (for 7.2.0-7.2.5), FortiPAM 1.1.1 or above (for 1.1.0), FortiProxy 7.2.6 or above (for 7.2.0-7.2.5), FortiProxy 7.0.12 or above (for 7.0.0-7.0.11), and FortiSwitchManager 7.2.3 or above (for 7.2.0-7.2.2). For FortiSASE users, a virtual patch named 'FortiOS.Httpsd.Daemon.Format.String.' is available in FMWP db update 23.103 (Fortiguard PSIRT).