Format String Bug in Fclicense daemon
Summary
A use of externally-controlled format string vulnerability [CWE-134] in the Fclicense daemon of FortiOS may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted requests.
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.4 | Not affected | Not Applicable |
| FortiOS 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.11 | Upgrade to 7.0.12 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.12 | Upgrade to 6.4.13 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.14 | Upgrade to 6.2.15 or above |
| FortiOS 6.0 | 6.0.0 through 6.0.16 | Upgrade to 6.0.17 or above |
| FortiOS 5.6 | 5.6 all versions | Migrate to a fixed release |
| FortiOS 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiOS 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiOS 5.0 | 5.0 all versions | Migrate to a fixed release |
| FortiOS 4.3 | 4.3 all versions | Migrate to a fixed release |
| FortiOS 4.2 | 4.2 all versions | Migrate to a fixed release |
| FortiOS 4.1 | 4.1 all versions | Migrate to a fixed release |
| FortiOS 4.0 | 4.0 all versions | Migrate to a fixed release |
| FortiPAM 1.1 | Not affected | Not Applicable |
| FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release |
| FortiProxy 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.10 | Upgrade to 7.0.11 or above |
| FortiProxy 2.0 | 2.0.0 through 2.0.12 | Upgrade to 2.0.13 or above |
| FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release |
| FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release |
| FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release |
Virtual Patch named "FortiOS.Fclicense.Daemon.Format.String." is available in FMWP db update 23.104
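The table above can be applied to a device inventory mechanically. The following is an added example, not Fortinet code: it transcribes the affected ranges from this advisory and triages version strings against them. The `host,product,version` inventory format and the sample hosts are assumptions constructed for illustration. Branches that the advisory does not list are reported as such rather than treated as safe.

```python
import re

# Transcribed from the advisory table. RANGES: last affected patch level of
# branches affected from x.y.0. ALL: branches where every version is affected.
RANGES = {
    "FortiOS": {"7.2": 4, "7.0": 11, "6.4": 12, "6.2": 14, "6.0": 16},
    "FortiProxy": {"7.2": 4, "7.0": 10, "2.0": 12},
}
ALL = {
    "FortiOS": {"5.6", "5.4", "5.2", "5.0", "4.3", "4.2", "4.1", "4.0"},
    "FortiPAM": {"1.0"},
    "FortiProxy": {"1.2", "1.1", "1.0"},
}
NOT_AFFECTED = {"FortiOS": {"7.4"}, "FortiPAM": {"1.1"}}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def triage(product, version):
    """Return (status, action) for one product and version string."""
    m = VERSION_RE.search(version)
    if not m:
        return ("unparsed", "check version manually")
    major, minor, patch = map(int, m.groups())
    branch = f"{major}.{minor}"
    if branch in ALL.get(product, ()):
        return ("affected", "migrate to a fixed release")
    last = RANGES.get(product, {}).get(branch)
    if last is not None:
        if patch <= last:
            return ("affected", f"upgrade to {branch}.{last + 1} or above")
        return ("fixed", "none")
    if branch in NOT_AFFECTED.get(product, ()):
        return ("not affected", "none")
    # Branch absent from the advisory table: report it, do not assume it is safe.
    return ("not listed", "check the vendor advisory")

def triage_inventory(text):
    """Triage 'host,product,version' lines (hypothetical inventory format)."""
    fields = (line.split(",", 2) for line in text.strip().splitlines())
    return [(h.strip(), *triage(p.strip(), v)) for h, p, v in fields]

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = """fw-edge-01,FortiOS,v7.2.4
fw-edge-02,FortiOS,v7.2.5
fw-lab-01,FortiOS,5.6.14
proxy-01,FortiProxy,7.0.10
fw-new-01,FortiOS,7.6.0"""

if __name__ == "__main__":
    print(*triage_inventory(SAMPLE), sep="\n")
```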
Acknowledgement
Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team in the frame of an internal audit of the SSL-VPN component.
Timeline
2023-06-12: Initial publication
2023-11-15: Added IPS package info