A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-21-235 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Aug 2022, 17:54
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| References | (CONFIRM) https://fortiguard.com/psirt/FG-IR-21-235 - Patch, Vendor Advisory | |
| CWE | CWE-134 |
05 Aug 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-08-05 20:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-22299
Mitre link : CVE-2022-22299
CVE.ORG link : CVE-2022-22299
JSON object : View
Products Affected
fortinet
- fortios
- fortiadc
- fortiproxy
- fortimail
CWE
CWE-134
Use of Externally-Controlled Format String