PT-2023-3765 · Fortinet · FortiOS, FortiProxy

Published 2023-06-12 · Updated 2023-06-17 · CVE-2022-43953

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- FortiOS versions 6.2 and earlier
- FortiOS versions 6.4 and earlier
- FortiOS versions 7.0 and earlier
- FortiOS versions 7.2.0 through 7.2.4
- FortiProxy versions 7.0.0 through 7.0.7
- FortiProxy versions 7.2.0 through 7.2.1
Description

The vulnerability is a use of an externally-controlled format string in the command line interpreter of FortiOS and FortiProxy. An authenticated user may be able to execute unauthorized code or commands by supplying specially crafted commands or arguments to the interpreter.
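As an added illustration that is not part of this advisory or of Fortinet's code, the C snippet below reconstructs the weakness class named above (CWE-134) in a generic CLI command handler: the "before" pattern that hands a user-typed argument to the formatter as the format string, the hardened form that pins the format to a constant, and a small input check a defender can reuse for validation or audit logging. The command handler, buffer sizes and helper names are assumptions made for this example.

```c
/*
 * Illustrative reconstruction of a CWE-134 defect in a CLI command handler,
 * followed by the hardened form. Not Fortinet code; the handler, buffer
 * sizes and helper names are assumptions made for this example.
 */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Emits a CLI reply into `out`. The defect lives in the caller, not here. */
static int cli_reply(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE ("before"): the argument typed by the CLI user becomes the
 * format string, so any "%" directives in it are interpreted rather than
 * echoed. Kept only as the defective pattern; nothing below calls it. */
int handle_echo_vulnerable(const char *user_arg, char *out, size_t out_len)
{
    return cli_reply(out, out_len, user_arg);
}

/* HARDENED: the format string is a constant and user input is only ever a
 * "%s" argument, so "%x" or "%n" in the input is copied literally. */
int handle_echo_fixed(const char *user_arg, char *out, size_t out_len)
{
    return cli_reply(out, out_len, "%s", user_arg);
}

/* Defensive check for input validation or CLI audit logs: flags arguments
 * that carry a format directive, which an echo-style argument never needs.
 * "%%" is a literal percent sign and is not flagged. */
bool arg_has_format_directive(const char *user_arg)
{
    for (const char *p = user_arg; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {  /* skip the escaped "%%" pair */
            p++;
            continue;
        }
        return true;
    }
    return false;
}
```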
Recommendations

Update to a version that is not affected by this issue:

- FortiOS versions 6.2 and earlier
- FortiOS versions 6.4 and earlier
- FortiOS versions 7.0 and earlier
- FortiOS versions 7.2.0 through 7.2.4
- FortiProxy versions 7.0.0 through 7.0.7
- FortiProxy versions 7.2.0 through 7.2.1

As a temporary workaround, consider restricting access to the command line interpreter until a patch is available.

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

BDU:2023-04054
CVE-2022-43953

Affected Products

FortiOS
FortiProxy