| Assigner | fortinet |
| Reserved | 2023-06-25 |
| Published | 2024-05-14 |
| Updated | 2024-06-04 |
Description
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands
| CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C |
Problem types
Execute unauthorized code or commands
Product status
7.2.0
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0
1.0.0
7.2.0
7.0.0
6.4.0
6.2.0
6.0.0
References
https://fortiguard.com/psirt/FG-IR-23-137
