Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22299

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.

Published

2022-08-05T20:15:08.147

Last Modified

2024-11-21T06:46:35.613

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-134
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fortinet fortiadc ≤ 6.0.4 Yes
Application fortinet fortiadc ≤ 6.1.6 Yes
Application fortinet fortiadc 6.2.0 Yes
Application fortinet fortiadc 6.2.1 Yes
Application fortinet fortimail ≤ 6.4.5 Yes
Application fortinet fortimail ≤ 7.0.2 Yes
Application fortinet fortiproxy ≤ 1.0.7 Yes
Application fortinet fortiproxy ≤ 1.1.6 Yes
Application fortinet fortiproxy ≤ 1.2.13 Yes
Application fortinet fortiproxy ≤ 2.0.7 Yes
Application fortinet fortiproxy 7.0.0 Yes
Application fortinet fortiproxy 7.0.1 Yes
Operating System fortinet fortios ≤ 5.0.14 Yes
Operating System fortinet fortios ≤ 5.2.15 Yes
Operating System fortinet fortios ≤ 5.4.13 Yes
Operating System fortinet fortios ≤ 5.6.14 Yes
Operating System fortinet fortios ≤ 6.0.14 Yes
Operating System fortinet fortios ≤ 6.2.10 Yes
Operating System fortinet fortios < 6.4.8 Yes
Operating System fortinet fortios < 7.0.2 Yes
References