Format string

2024-02-1514:15:00

PRIOn knowledge base

www.prio-n.com

externally controlled format

fortinet

unauthorized code execution

specially crafted packets

nvd

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

CPENameOperatorVersion
fortiosge7.0.0
fortiosle7.0.13
fortiosge7.2.0
fortiosle7.2.6
fortiosge7.4.0
fortiosle7.4.2
fortipamge1.0.0
fortipamle1.0.3
fortipamge1.1.0
fortipamle1.1.2