CVE-2022-43953 — Use of Externally-Controlled Format String in Fortinet Fortios

CWE-134 — Use of Externally-Controlled Format String4 documents4 sources

Severity

7.8HIGHNVD

CNA6.7

EPSS

0.0%

top 85.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedJun 13

Description

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5fortinet/fortios7.2.0 — 7.2.4+3

▶NVDfortinet/fortios6.2.0 — 6.2.15+3

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.1+1

▶NVDfortinet/fortiproxy7.0.0 — 7.0.7+2

🔴Vulnerability Details

CVEList

CVE-2022-43953: A use of externally-controlled format string in Fortinet FortiOS version 7↗2023-06-13

▶

GHSA

GHSA-vv6m-9gcj-8cf5: A use of externally-controlled format string in Fortinet FortiOS version 7↗2023-06-13

▶

📋Vendor Advisories

Fortinet

Format String Bug in fortiguard-resources CLI command↗2023-06-13

▶