Format String Bug in cli command

Summary

Multiple format string bug vulnerabilities [CWE-134] in the FortiOS, FortiProxy, FortiPAM & FortiSwitchManager command line interpreter and httpd may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands and HTTP requests.
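CWE-134 arises when an untrusted string (here a CLI operand or an HTTP request field) is passed to a printf-family function as the format argument rather than as data. The following is an added illustration, not Fortinet code and not the affected code path: it shows the hardened form beside the vulnerable one (kept as a comment), plus a small helper a defender can use to flag operands in command or request logs that contain conversion directives. The "unknown command:" reply text and the sample operand are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Fortinet code. The reply wording and the sample
 * operand below are constructed for illustration. */

#define REPLY_MAX 128

/* Hardened form: the untrusted operand is supplied as a %s argument, so any
 * conversion directives it contains are copied literally, never interpreted.
 * Returns the number of characters written (excluding the NUL), or -1 on
 * error or truncation. */
int render_reply(char *out, size_t outlen, const char *untrusted_operand) {
    /* VULNERABLE form (CWE-134), shown for contrast only:
     *     snprintf(out, outlen, untrusted_operand);
     * There the attacker-controlled string becomes the format itself. */
    int n = snprintf(out, outlen, "unknown command: %s", untrusted_operand);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Detection helper: count the conversion directives in a string. A literal
 * "%%" is an escaped percent sign and is not counted; a lone trailing '%'
 * is ignored. Useful when reviewing logged commands or request fields for
 * operands that look like format strings. */
int count_format_directives(const char *s) {
    int count = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" -> literal percent sign */
            p++;
            continue;
        }
        if (p[1] == '\0')       /* lone '%' at end of string */
            break;
        count++;
    }
    return count;
}

int main(void) {
    char buf[REPLY_MAX];
    const char *sample = "diag%s%s";  /* constructed sample operand */
    int n = render_reply(buf, sizeof buf, sample);
    printf("%d directive(s) in operand; reply: %s (%d chars)\n",
           count_format_directives(sample), buf, n);
    return 0;
}
```

In the hardened path the directives in the operand survive unchanged in the reply, which is exactly the property a fix for this class of bug has to guarantee; the counter is a cheap triage signal, not a substitute for fixing the call site.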

Version                  Affected                 Solution
FortiOS 7.4              7.4.0                    Upgrade to 7.4.1 or above
FortiOS 7.2              7.2.0 through 7.2.5      Upgrade to 7.2.6 or above
FortiOS 7.0              7.0 all versions         Migrate to a fixed release
FortiOS 6.4              6.4 all versions         Migrate to a fixed release
FortiOS 6.2              6.2 all versions         Migrate to a fixed release
FortiOS 6.0              6.0.0 through 6.0.16     Migrate to a fixed release
FortiPAM 1.1             1.1.0                    Upgrade to 1.1.1 or above
FortiPAM 1.0             1.0 all versions         Migrate to a fixed release
FortiProxy 7.2           7.2.0 through 7.2.5      Upgrade to 7.2.6 or above
FortiProxy 7.0           7.0.0 through 7.0.11     Upgrade to 7.0.12 or above
FortiProxy 2.0           2.0 all versions         Migrate to a fixed release
FortiProxy 1.2           1.2 all versions         Migrate to a fixed release
FortiProxy 1.1           1.1 all versions         Migrate to a fixed release
FortiProxy 1.0           1.0 all versions         Migrate to a fixed release
FortiSwitchManager 7.2   7.2.0 through 7.2.2      Upgrade to 7.2.3 or above
FortiSwitchManager 7.0   7.0.0 through 7.0.2      Upgrade to 7.0.3 or above
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

FortiSASE: Issue remediated Q3/23

Virtual Patch named "FortiOS.Httpsd.Daemon.Format.String." is available in FMWP db update 23.103

edited on: 2023-10-23 12:44

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud and Théo Leleu of Fortinet Product Security team in the frame of an internal audit of the SSL-VPN component.

Timeline

2024-05-14: Initial publication