PT-2023-3353 · Fortinet · Fortiproxy+2

Published: 2023-06-12 · Updated: 2024-12-10 · CVE-2023-29181

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiOS versions 7.2.0 through 7.2.4
FortiOS versions 7.0.0 through 7.0.11
FortiOS versions 6.4.0 through 6.4.12
FortiOS versions 6.2.0 through 6.2.14
FortiOS versions 6.0.0 through 6.0.16
FortiProxy versions 7.2.0 through 7.2.4
FortiProxy versions 7.0.0 through 7.0.10
FortiProxy versions 2.0.0 through 2.0.12
FortiProxy versions 1.2.0 through 1.2.13
FortiProxy versions 1.1.0 through 1.1.6
FortiProxy versions 1.0.0 through 1.0.7
FortiPAM versions 1.0.0 through 1.0.3

Description

The vulnerability is a use of an externally-controlled format string (CWE-134) in the Fclicense daemon of FortiOS: attacker-supplied text reaches a format parameter, so a remote attacker who sends specially crafted commands can execute arbitrary, unauthorized code or commands on the device.

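The weakness class behind this advisory, shown as an added example on a hypothetical command logger (this is illustrative code, not Fortinet's Fclicense daemon, and the function names are assumed): the insecure pattern passes untrusted text as the format argument, while the hardened pattern keeps a fixed format string and treats the text as a plain argument. The block also includes a small detector that counts conversion directives in a string, which is useful for input validation and for reviewing logged commands, and an escaper for cases where text must later be embedded in a format template.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Fortinet code: the CWE-134 pattern described in the
 * advisory, demonstrated on a hypothetical command logger. */

/* Count printf-style conversion directives in an untrusted string.  "%%" is a
 * literal percent sign and is not counted.  A non-zero result means the text
 * would be interpreted rather than printed if it ever reached a format
 * parameter, so it is worth flagging at the input boundary. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%": a literal percent, skip both */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Escape every '%' as "%%" so the text can later be embedded in a format
 * template without being interpreted.  Returns the output length, or -1 if
 * the escaped text would not fit in out (out is NUL-terminated on success). */
int escape_percent(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        size_t need = (*p == '%') ? 2 : 1;
        if (o + need >= outsz)
            return -1;
        if (*p == '%')
            out[o++] = '%';
        out[o++] = *p;
    }
    out[o] = '\0';
    return (int)o;
}

/* Insecure pattern (what the advisory describes): the untrusted command is the
 * FORMAT argument, so any directives it contains are honoured by snprintf:
 *
 *     snprintf(line, sizeof line, cmd);   // CWE-134, do not do this
 *
 * Hardened pattern below: the format string is a compile-time constant and the
 * untrusted text is only a "%s" argument, so its '%' characters are copied
 * literally into the log line. */
const char *format_log_line(const char *cmd)
{
    static char line[128];
    snprintf(line, sizeof line, "[cmd] %s", cmd);
    return line;
}

int main(void)
{
    /* Constructed sample input for the stand-alone demo. */
    const char *sample = "status 100%% done %s %n";
    char escaped[64];

    printf("directives in sample: %d\n", count_format_directives(sample));
    printf("logged safely:        %s\n", format_log_line(sample));
    if (escape_percent(sample, escaped, sizeof escaped) >= 0)
        printf("escaped for template: %s\n", escaped);
    return 0;
}
```

Compiling with `-Wformat-security` (GCC and Clang) reports the insecure call shown in the comment whenever a non-literal format string is passed with no arguments; that warning, plus rejecting or escaping input that `count_format_directives` flags, is the cheap defensive check for this weakness class.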
Recommendations

Update to a version outside of the affected range to mitigate the risk:

FortiOS versions 7.2.0 through 7.2.4
FortiOS versions 7.0.0 through 7.0.11
FortiOS versions 6.4.0 through 6.4.12
FortiOS versions 6.2.0 through 6.2.14
FortiOS versions 6.0.0 through 6.0.16
FortiProxy versions 7.2.0 through 7.2.4
FortiProxy versions 7.0.0 through 7.0.10
FortiProxy versions 2.0.0 through 2.0.12
FortiProxy versions 1.2.0 through 1.2.13
FortiProxy versions 1.1.0 through 1.1.6
FortiProxy versions 1.0.0 through 1.0.7
FortiPAM versions 1.0.0 through 1.0.3

Tags: Fix · RCE

Weakness Enumeration: Use of Externally-Controlled Format String

Related Identifiers: BDU:2023-03509, CVE-2023-29181

Affected Products: FortiOS, FortiPAM, FortiProxy