Description
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-21-235
Scores
CVSS v3
7.8
EPSS
0.0019
EPSS Percentile
9.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-134
Status
published
Products (8)
fortinet/fortiadc
6.2.0
fortinet/fortiadc
6.2.1
fortinet/fortiadc
6.0.0 - 6.0.4
fortinet/fortimail
6.4.0 - 6.4.5
fortinet/fortios
5.0.0 - 5.0.14
fortinet/fortiproxy
7.0.0
fortinet/fortiproxy
7.0.1
fortinet/fortiproxy
1.0.0 - 1.0.7
Published
Aug 05, 2022
Tracked Since
Feb 18, 2026