A use of externally-controlled format string vulnerability in Fortinet FortiOS versions 7.4.0 up to and including 7.4.2, 7.2.0 up to and including 7.2.6, 7.0.0 up to and including 7.0.13, FortiProxy versions 7.4.0 up to and including 7.4.2, 7.2.0 up to and including 7.2.8, 7.0.0 up to and including 7.0.14, FortiPAM versions 1.2.0, 1.1.0 up to and including 1.1.2, 1.0.0 up to and including 1.0.3, and FortiSwitchManager versions 7.2.0 up to and including 7.2.3, 7.0.0 up to and including 7.0.3 allows a malicious user to execute unauthorized code or commands via specially crafted packets.
Vulnerable Product |
---|
fortinet fortipam |
fortinet fortios |
fortinet fortiproxy |
fortinet fortipam 1.2.0 |
fortinet fortiswitchmanager |
An orchestra of fails for the security vendor
We've had to write the word "Fortinet" so often lately that we're considering making a macro just to make our lives a little easier after what the company's reps will surely agree has been a week sent from hell. It all culminated this Friday with the disclosure of yet another critical security vulnerability in FortiOS, impacting its SSL VPN. Tracked as CVE-24-21762, the 9.6 severity out-of-bounds write issue allows for remote unauthenticated attackers to achieve code execution. There's also evid...