A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fortios | Fortinet | 6.2.0 (including) | 6.2.17 (excluding) |
| Fortios | Fortinet | 6.4.0 (including) | 6.4.16 (excluding) |
| Fortios | Fortinet | 7.0.0 (including) | 7.0.16 (excluding) |
| Fortios | Fortinet | 7.2.0 (including) | 7.2.10 (excluding) |
| Fortios | Fortinet | 7.4.0 (including) | 7.4.5 (excluding) |