FortiOS - Format String Bug in Fclicense daemon
Summary
A use of externally-controlled format string vulnerability [CWE-134] in the Fclicense daemon of FortiOS may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted requests.
Affected Products
FortiOS version 7.2.0 through 7.2.4
FortiOS version 7.0.0 through 7.0.11
FortiOS version 6.4.0 through 6.4.12
FortiOS version 6.2.0 through 6.2.14
FortiOS 6.0 all versions
Solutions
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.5 or above
Please upgrade to FortiOS version 7.0.12 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiOS version 6.2.15 or above
Virtual Patch named "FortiOS.Fclicense.Daemon.Format.String." is available in FMWP db update 23.104