Vulnerability Overview
CVE-2024-23113 is a format string vulnerability in the Fortinet FortiOS fgfmd daemon. The fgfmd daemon handles FortiGate-to-FortiManager communication, and a format string flaw in its request parsing allows remote unauthenticated attackers to execute arbitrary code.
Impact Assessment
Exploitation of this vulnerability allows complete device takeover. Attackers can gain root-level access to FortiGate devices, intercept network traffic, modify firewall rules, and pivot into protected network segments.
Affected Products
FortiOS 7.0 (all versions before 7.0.14), FortiOS 7.2 (all versions before 7.2.7), FortiOS 7.4 (all versions before 7.4.3). FortiProxy and FortiPAM are also affected.
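The version ranges above can be checked against a device inventory with a short script. This is an added example, not code from the advisory or from Fortinet; the hostnames and version strings are constructed sample data, and the function names are hypothetical. It covers FortiOS only, since the page gives no version ranges for FortiProxy or FortiPAM.

```python
import re

# First fixed patch release per FortiOS branch, taken from the advisory text above.
FIRST_FIXED = {(7, 0): 14, (7, 2): 7, (7, 4): 3}

# A dotted major.minor.patch triple that is not part of a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def classify(version_text):
    """Return AFFECTED, FIXED, NOT_LISTED or UNPARSEABLE for one version string."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "UNPARSEABLE"
    # Compare as integers: as strings, "10" would sort before "7".
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIRST_FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch not named in the advisory: never report it as safe.
        return "NOT_LISTED"
    return "AFFECTED" if patch < fixed_patch else "FIXED"


def triage(inventory):
    """Map hostname -> status for (hostname, version_text) pairs."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "v7.0.13"),
    ("fw-edge-02", "7.0.14"),
    ("fw-dc-01", "FortiOS 7.2.6"),
    ("fw-dc-02", "7.2.10"),
    ("fw-branch-01", "7.4.2"),
    ("fw-branch-02", "7.4.3"),
    ("fw-lab-01", "6.4.15"),
    ("fw-lab-02", "unknown"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status}")
```

Devices reported as NOT_LISTED or UNPARSEABLE need a manual check against the vendor advisory rather than being treated as unaffected.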
Recommended Actions