Description
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.
References (1)
Scores
CVSS v3
6.7
EPSS
0.0002
EPSS Percentile
5.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-134
Status
published
Products (6)
fortinet/fortios
7.4.0
fortinet/fortios
6.2.0 - 7.0.14
fortinet/fortipam
1.0.0 - 1.2.0
fortinet/fortiproxy
7.4.0
fortinet/fortiproxy
1.2.0 - 7.0.15
fortinet/fortiswitchmanager
7.0.0 - 7.0.3
Published
Feb 11, 2025
Tracked Since
Feb 18, 2026