CVE-2023-40721: A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
fortinet	fortinet	—	—
fortinet	fortios	—	—
fortinet	fortios	—	—
fortinet	fortios	>= 6.2.0 < 7.0.14	7.0.14
fortinet	fortios	6.2.0 – 6.2.17	—
fortinet	fortios	6.4.0 – 6.4.16	—
fortinet	fortios	7.0.0 – 7.0.13	—
fortinet	fortios	>= 7.2.0 < 7.2.7	7.2.7
fortinet	fortios	7.2.0 – 7.2.5	—
fortinet	fortipam	—	—
fortinet	fortipam	>= 1.0.0 < 1.2.0	1.2.0
fortinet	fortipam	1.0.0 – 1.0.3	—
fortinet	fortipam	1.1.0 – 1.1.2	—
fortinet	fortiproxy	—	—
fortinet	fortiproxy	—	—
fortinet	fortiproxy	>= 1.2.0 < 7.0.15	7.0.15
fortinet	fortiproxy	1.2.0 – 1.2.13	—
fortinet	fortiproxy	2.0.0 – 2.0.14	—
fortinet	fortiproxy	7.0.0 – 7.0.14	—
fortinet	fortiproxy	>= 7.2.0 < 7.2.8	7.2.8
fortinet	fortiproxy	7.2.0 – 7.2.6	—
fortinet	fortiswitchmanager	—	—
fortinet	fortiswitchmanager	>= 7.0.0 < 7.0.3	7.0.3
fortinet	fortiswitchmanager	7.0.0 – 7.0.2	—
fortinet	fortiswitchmanager	>= 7.2.0 < 7.2.3	7.2.3