Lucene search

[email protected]NVD:CVE-2022-22299

HistoryAug 05, 2022 - 8:15 p.m.

CVE-2022-22299

2022-08-0520:15:08

CWE-134

[email protected]

web.nvd.nist.gov

fortiadc

fortiproxy

fortios

fortimail

format string vulnerability

authenticated user

unauthorized code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.4%

JSON

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.

Affected configurations

Nvd

Node

fortinetfortiadcRange6.0.0–6.0.4

fortinetfortiadcRange6.1.0–6.1.6

fortinetfortiadcMatch6.2.0

fortinetfortiadcMatch6.2.1

fortinetfortimailRange6.4.0–6.4.5

fortinetfortimailRange7.0.0–7.0.2

fortinetfortiproxyRange1.0.0–1.0.7

fortinetfortiproxyRange1.1.0–1.1.6

fortinetfortiproxyRange1.2.0–1.2.13

fortinetfortiproxyRange2.0.0–2.0.7

fortinetfortiproxyMatch7.0.0

fortinetfortiproxyMatch7.0.1

fortinetfortiosRange5.0.0–5.0.14

fortinetfortiosRange5.2.0–5.2.15

fortinetfortiosRange5.4.0–5.4.13

fortinetfortiosRange5.6.0–5.6.14

fortinetfortiosRange6.0.0–6.0.14

fortinetfortiosRange6.2.0–6.2.10

fortinetfortiosRange6.4.0–6.4.8

fortinetfortiosRange7.0.0–7.0.2

VendorProductVersionCPE
fortinetfortiadc*cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
fortinetfortiadc6.2.0cpe:2.3:a:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*
fortinetfortiadc6.2.1cpe:2.3:a:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*
fortinetfortimail*cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
fortinetfortiproxy*cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinetfortiproxy7.0.0cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
fortinetfortiproxy7.0.1cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiadc	*	cpe:2.3:a:fortinet:fortiadc::::::::
fortinet	fortiadc	6.2.0	cpe:2.3:a:fortinet:fortiadc:6.2.0:::::::*
fortinet	fortiadc	6.2.1	cpe:2.3:a:fortinet:fortiadc:6.2.1:::::::*
fortinet	fortimail	*	cpe:2.3:a:fortinet:fortimail::::::::
fortinet	fortiproxy	*	cpe:2.3:a:fortinet:fortiproxy::::::::
fortinet	fortiproxy	7.0.0	cpe:2.3:a:fortinet:fortiproxy:7.0.0:::::::*
fortinet	fortiproxy	7.0.1	cpe:2.3:a:fortinet:fortiproxy:7.0.1:::::::*
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::