A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands
2024-05-14T17:15:16.640
2024-11-21T08:10:09.313
Modified
CVSSv3.1: 6.7 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiproxy | ≤ 1.0.7 | Yes |
| Application | fortinet | fortiproxy | ≤ 1.1.6 | Yes |
| Application | fortinet | fortiproxy | ≤ 1.2.13 | Yes |
| Application | fortinet | fortiproxy | ≤ 2.0.14 | Yes |
| Application | fortinet | fortiproxy | ≤ 7.0.10 | Yes |
| Application | fortinet | fortiproxy | ≤ 7.2.4 | Yes |
| Operating System | fortinet | fortipam | ≤ 1.0.3 | Yes |
| Operating System | fortinet | fortios | ≤ 6.0.16 | Yes |
| Operating System | fortinet | fortios | ≤ 6.2.16 | Yes |
| Operating System | fortinet | fortios | ≤ 6.4.14 | Yes |
| Operating System | fortinet | fortios | ≤ 7.0.12 | Yes |
| Operating System | fortinet | fortios | 7.2.0 | Yes |