What is the severity of CVE-2022-22299?

CVE-2022-22299 has a critical severity rating due to the potential for remote code execution.

How do I fix CVE-2022-22299?

To fix CVE-2022-22299, upgrade to FortiADC versions 6.0.5 or later, 6.1.6 or later, 6.2.2 or later, or the latest versions of FortiProxy and FortiMail.

What software is affected by CVE-2022-22299?

CVE-2022-22299 affects multiple versions of FortiADC, FortiProxy, and FortiMail software.

What types of attacks can exploit CVE-2022-22299?

CVE-2022-22299 can be exploited through format string vulnerabilities, which can lead to unauthorized access or system crashes.

Is there a workaround for CVE-2022-22299?

Currently, the only reliable workaround for CVE-2022-22299 is to apply the appropriate updates to the affected software.

Vulnerability/
CVE-2022-22299

high

7.8

CWE

134

5/8/2022

25/10/2024

CVE-2022-22299

First published: Fri Aug 05 2022(Updated: )

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiADC	>=6.0.0<=6.0.4
Fortinet FortiADC	>=6.1.0<=6.1.6
Fortinet FortiADC	=6.2.0
Fortinet FortiADC	=6.2.1
Fortinet Fortimail-200d	>=6.4.0<=6.4.5
Fortinet Fortimail-200d	>=7.0.0<=7.0.2
Fortinet FortiProxy	>=1.0.0<=1.0.7
Fortinet FortiProxy	>=1.1.0<=1.1.6
Fortinet FortiProxy	>=1.2.0<=1.2.13
Fortinet FortiProxy	>=2.0.0<=2.0.7
Fortinet FortiProxy	=7.0.0
Fortinet FortiProxy	=7.0.1
FortiOS	>=5.0.0<=5.0.14
FortiOS	>=5.2.0<=5.2.15
FortiOS	>=5.4.0<=5.4.13
FortiOS	>=5.6.0<=5.6.14
FortiOS	>=6.0.0<=6.0.14
FortiOS	>=6.2.0<=6.2.10
FortiOS	>=6.4.0<6.4.8
FortiOS	>=7.0.0<7.0.2

Remedy

https://fortiguard.com/psirt/FG-IR-21-235

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-21-235

Frequently Asked Questions

What is the severity of CVE-2022-22299?
CVE-2022-22299 has a critical severity rating due to the potential for remote code execution.
How do I fix CVE-2022-22299?
To fix CVE-2022-22299, upgrade to FortiADC versions 6.0.5 or later, 6.1.6 or later, 6.2.2 or later, or the latest versions of FortiProxy and FortiMail.
What software is affected by CVE-2022-22299?
CVE-2022-22299 affects multiple versions of FortiADC, FortiProxy, and FortiMail software.
What types of attacks can exploit CVE-2022-22299?
CVE-2022-22299 can be exploited through format string vulnerabilities, which can lead to unauthorized access or system crashes.
Is there a workaround for CVE-2022-22299?
Currently, the only reliable workaround for CVE-2022-22299 is to apply the appropriate updates to the affected software.

agent/type
agent/references
agent/remedy
agent/author
agent/weakness
agent/description
agent/severity
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortiadc
version/fortinet fortiadc/6.0.0
version/fortinet fortiadc/6.0.4
version/fortinet fortiadc/6.1.0
version/fortinet fortiadc/6.1.6
version/fortinet fortiadc/6.2.0
version/fortinet fortiadc/6.2.1
canonical/fortinet fortimail-200d
version/fortinet fortimail-200d/6.4.0
version/fortinet fortimail-200d/6.4.5
version/fortinet fortimail-200d/7.0.0
version/fortinet fortimail-200d/7.0.2
canonical/fortinet fortiproxy
version/fortinet fortiproxy/1.0.0
version/fortinet fortiproxy/1.0.7
version/fortinet fortiproxy/1.1.0
version/fortinet fortiproxy/1.1.6
version/fortinet fortiproxy/1.2.0
version/fortinet fortiproxy/1.2.13
version/fortinet fortiproxy/2.0.0
version/fortinet fortiproxy/2.0.7
version/fortinet fortiproxy/7.0.0
version/fortinet fortiproxy/7.0.1
canonical/fortios
version/fortios/5.0.0
version/fortios/5.0.14
version/fortios/5.2.0
version/fortios/5.2.15
version/fortios/5.4.0
version/fortios/5.4.13
version/fortios/5.6.0
version/fortios/5.6.14
version/fortios/6.0.0
version/fortios/6.0.14
version/fortios/6.2.0
version/fortios/6.2.10
version/fortios/6.4.0
version/fortios/7.0.0