PT-2025-6253 · Fortinet · Fortiswitchmanager+3

Published: 2025-02-11 · Updated: 2025-02-13 · CVE-2023-40721

CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiOS versions 7.4.0 through 7.4.1 and prior to 7.2.6
FortiProxy versions 7.4.0 and prior to 7.2.7
FortiPAM versions 1.1.2 and prior to 1.0.3
FortiSwitchManager versions 7.2.0 through 7.2.2 and prior to 7.0.2

Description: A use of externally-controlled format string vulnerability in Fortinet products allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. This issue affects the command-line interface (CLI) of the affected products.

Recommendations: Update each affected product to a version that includes the fix for this issue: Fortinet FortiOS versions 7.4.0 through 7.4.1 and prior to 7.2.6; FortiProxy versions 7.4.0 and prior to 7.2.7; FortiPAM versions 1.1.2 and prior to 1.0.3; FortiSwitchManager versions 7.2.0 through 7.2.2 and prior to 7.0.2. As a temporary workaround, restrict access to the CLI of the affected products to minimize the risk of exploitation.
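The weakness class described above, as an added illustrative C example. This is not Fortinet's code and is not derived from any affected product; the function names (echo_unsafe, echo_safe, count_format_directives) are assumptions. It shows a CLI echo routine that hands user input to snprintf as the format string (the CWE-134 pattern), the hardened form that passes the input only as an argument, and a small helper that counts the directives an input string would introduce, which is useful as a regression check on code paths that build format strings.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (illustrative only): the user-supplied string becomes
 * the format argument, so any '%' directives in it are interpreted by
 * snprintf. With no matching arguments this is undefined behaviour and is
 * the root of CWE-134, "Use of Externally-Controlled Format String".
 * This function is shown for contrast and is never called below. */
int echo_unsafe(char *out, size_t n, const char *user_input) {
    return snprintf(out, n, user_input);   /* format is attacker-controlled */
}

/* Hardened form: the format is a string literal and the input is only ever
 * an argument, so '%' characters in it are copied verbatim. */
int echo_safe(char *out, size_t n, const char *user_input) {
    return snprintf(out, n, "%s", user_input);
}

/* Count the conversion directives that would be interpreted if the string
 * were used as a format. "%%" is a literal percent sign and does not count.
 * Returns 0 for input that is safe to use as a format with no arguments. */
int count_format_directives(const char *s) {
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s == '%') {
            if (s[1] == '%') {   /* escaped percent, skip both characters */
                s++;
                continue;
            }
            count++;
        }
    }
    return count;
}

int main(void) {
    /* Constructed sample input: a string that would be dangerous as a format. */
    const char *input = "%x %n";
    char buf[64];

    echo_safe(buf, sizeof buf, input);
    printf("safe echo : %s\n", buf);                 /* prints "%x %n" literally */
    printf("directives: %d\n", count_format_directives(input));  /* 2 */
    return 0;
}
```

Compiling with -Wformat-security (or -Wformat=2) makes the compiler flag the echo_unsafe pattern, which is the cheapest way to find this class of bug in a code base before it reaches a CLI.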

Fix

Weakness Enumeration: Use of Externally-Controlled Format String

Related Identifiers: CVE-2023-40721

Affected Products: FortiOS, FortiPAM, FortiProxy, FortiSwitchManager