PT-2024-3562 · Fortinet · FortiOS

Published 2024-04-09 · Updated 2025-01-17 · CVE-2023-48784

CVSS v3.1: 6.7 Medium
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.4.1 and below
FortiOS versions 7.2.7 and below
FortiOS versions 7.0.14 and below
FortiOS versions 6.4.15 and below
Description
A use of externally-controlled format string vulnerability (CWE-134) in the FortiOS command line interface may allow a local, privileged attacker who holds the super-admin profile and has CLI access to execute arbitrary code or commands via specially crafted requests. The vulnerability is related to the processing of binary files combined with the use of uncontrolled format strings: data controlled by the CLI user reaches a format-string argument, so conversion directives in that data (for example %x, %s or %n) are interpreted as stack reads and memory writes rather than printed literally. Exploitation requires an already fully privileged local administrator, which is why the CVSS score is Medium despite High confidentiality, integrity and availability impact; the practical effect is a post-authentication break-out from the restricted FortiOS CLI to arbitrary code execution on the appliance.
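To make the weakness class concrete, the following is an added example and not FortiOS code: a hypothetical CLI echo helper that passes user text as the format argument (the CWE-134 pattern the advisory names), its hardened form, and a directive counter that can serve as an input check or a detection rule over CLI audit logs. The function names, the logging wrapper cli_printf_impl and the sample inputs are all constructed for illustration.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper of the kind that hides CWE-134: it carries no
 * format attribute, so the compiler cannot see what reaches vsnprintf. */
static int cli_printf_impl(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE (constructed to mirror the advisory's weakness class): the text
 * typed by the CLI user is passed as the format itself. Directives in it are
 * interpreted: %x/%p leak stack words, %s dereferences them, %n writes memory. */
int vulnerable_cli_echo(char *out, size_t outsz, const char *user_text)
{
    return cli_printf_impl(out, outsz, user_text);
}

/* HARDENED: a fixed literal format; user text is only ever a %s argument and
 * can never be interpreted, whatever it contains. */
int hardened_cli_echo(char *out, size_t outsz, const char *user_text)
{
    return snprintf(out, outsz, "%s", user_text);
}

/* Count conversion directives in user text: every '%' not escaped as "%%".
 * Returns how many would be interpreted if the text reached a format slot. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Run text through one echo path and report whether the output differs from
 * the input; a difference proves the text was parsed as a format. Callers use
 * only "%%" so the vulnerable path consumes no arguments and stays well-defined. */
static bool output_differs(int (*path)(char *, size_t, const char *),
                           const char *text)
{
    char buf[256];
    path(buf, sizeof buf, text);
    return strcmp(buf, text) != 0;
}

bool vulnerable_path_alters(const char *text) { return output_differs(vulnerable_cli_echo, text); }
bool hardened_path_alters(const char *text)   { return output_differs(hardened_cli_echo, text); }

int main(void)
{
    const char *benign = "progress 100%% done";   /* constructed input */
    const char *probe  = "AAAA %x %x %x %n";       /* constructed attacker probe */
    char buf[256];

    vulnerable_cli_echo(buf, sizeof buf, benign);
    printf("vulnerable path: %s\n", buf);          /* "%%" collapsed to "%" */
    hardened_cli_echo(buf, sizeof buf, benign);
    printf("hardened path:   %s\n", buf);          /* echoed verbatim */
    printf("directives in probe: %d\n", count_format_directives(probe));
    return 0;
}
```

The benign input already shows the difference without undefined behaviour: the vulnerable path turns "100%%" into "100%", the hardened path echoes it unchanged. In a real code base the cheapest fix for the wrapper is to declare it `__attribute__((format(printf, 3, 4)))` and build with `-Wformat=2 -Werror=format-security`, which makes gcc and clang reject the vulnerable call at compile time.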
Recommendations
For FortiOS versions 7.4.1 and below, update to a version above 7.4.1.
For FortiOS versions 7.2.7 and below, update to a version above 7.2.7.
For FortiOS versions 7.0.14 and below, update to a version above 7.0.14.
For FortiOS versions 6.4.15 and below, update to a version above 6.4.15.
As a temporary workaround, restrict CLI access to trusted administrator hosts and keep the number of accounts holding the super-admin profile to the minimum; since exploitation needs both, reducing either shrinks the exposure until the update is applied.

Fix

Weakness Enumeration

CWE-134: Use of Externally-Controlled Format String

Related Identifiers

BDU:2024-03867
CVE-2023-48784

Affected Products

FortiOS