PT-2022-4969 · Fortinet · FortiADC +3

Published: 2022-01-03 · Updated: 2022-08-11 · CVE-2022-22299

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiADC versions 6.0.0 through 6.2.1
FortiProxy versions 1.0.0 through 2.0.7 and 7.0.0 through 7.0.1
FortiOS versions 6.0.0 through 6.4.8 and 7.0.0 through 7.0.2
FortiMail versions 6.4.0 through 7.0.2
Description

A format string vulnerability in the command line interpreter may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. The root cause is the use of an uncontrolled (externally controlled) format string: user-supplied argument text reaches a printf-style function as the format itself rather than as data, so conversion directives in the argument are interpreted, which an attacker with CLI access can leverage to execute arbitrary code.
Recommendations

Update to a version outside of the affected range:

FortiADC versions 6.0.0 through 6.2.1
FortiProxy versions 1.0.0 through 2.0.7 and 7.0.0 through 7.0.1
FortiOS versions 6.0.0 through 6.4.8 and 7.0.0 through 7.0.2
FortiMail versions 6.4.0 through 7.0.2

As a temporary workaround, consider restricting access to the command line interpreter to minimize the risk of exploitation.
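To make the weakness concrete, the following is an added, self-contained illustration (not Fortinet code and not from this advisory): a hypothetical CLI echo handler in its vulnerable and hardened forms, plus a small detector that flags command-history lines containing format directives. The handler names, the audit-log lines and the command syntax are all constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (CWE-134), hypothetical CLI echo handler: the text the
 * user typed is passed as the format string, so any "%x" or "%n" in it is
 * interpreted by snprintf instead of being rendered literally.
 * The silenced warning (-Wformat-security) is exactly the compiler check
 * that would catch this; it is disabled here only so the bad form compiles
 * next to the fixed one for comparison. */
#pragma GCC diagnostic ignored "-Wformat-security"
static int echo_vulnerable(char *out, size_t n, const char *arg)
{
    return snprintf(out, n, arg);
}

/* Hardened form: the format is a literal and the argument is only data. */
static int echo_fixed(char *out, size_t n, const char *arg)
{
    return snprintf(out, n, "%s", arg);
}

/* Detection helper: true if an argument contains a conversion directive.
 * "%%" is an escaped percent sign and is not counted; a lone trailing
 * '%' is an incomplete directive and is counted. */
static bool has_format_directive(const char *arg)
{
    for (const char *p = arg; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { /* skip the escaped pair */
            p++;
            continue;
        }
        return true;
    }
    return false;
}

/* Count CLI audit-log lines whose text contains a format directive; a
 * simple hunt over command history for arguments that should never carry
 * one on a device in the affected range. */
static int count_suspicious(const char *const *lines, int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (has_format_directive(lines[i]))
            hits++;
    return hits;
}
```

The detector is deliberately coarse (it will also flag legitimate uses of a literal percent sign other than "%%"), so treat hits as triage candidates rather than confirmed exploitation.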

Fix

Weakness Enumeration

Use of Externally-Controlled Format String (CWE-134)

Related Identifiers

BDU:2022-06163
CVE-2022-22299

Affected Products

FortiADC
FortiMail
FortiOS
FortiProxy