A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-21-235 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2022-08-05T15:23:52
Updated: 2022-08-05T15:23:52
Reserved: 2022-01-03T00:00:00
Link: CVE-2022-22299
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-05T20:15:08.147
Modified: 2022-08-11T17:54:14.543
Link: CVE-2022-22299
JSON object: View
Redhat Information
No data.
CWE