CVE-2022-43953

Summary

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.2.0 <= 7.2.1affected
FortinetFortiProxy7.0.0 <= 7.0.7affected
FortinetFortiOS7.2.0 <= 7.2.4affected
FortinetFortiOS7.0.0 <= 7.0.11affected
FortinetFortiOS6.4.0 <= 6.4.12affected
FortinetFortiOS6.2.0 <= 6.2.15affected

Weaknesses

  • CWE-134: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References