CVE-2018-1352Use of Externally-Controlled Format String in Fortinet Fortios

CWE-134Use of Externally-Controlled Format String4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 33.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedFeb 8
Latest updateMay 14

Description

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDfortinet/fortios5.6.0

🔴Vulnerability Details

2
GHSA
GHSA-p5qq-xp46-54rc: A format string vulnerability in Fortinet FortiOS 52022-05-14
CVEList
CVE-2018-1352: A format string vulnerability in Fortinet FortiOS 52019-02-08

📋Vendor Advisories

1
Fortinet
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the...2019-02-08
CVE-2018-1352 — Fortinet Fortios vulnerability | cvebase