First published: Thu Feb 08 2024(Updated: )
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiOS | >=7.4.0<=7.4.2 | |
Fortinet FortiOS | >=7.2.0<=7.2.6 | |
Fortinet FortiOS | >=7.0.0<=7.0.13 | |
Fortinet FortiPAM | >=1.2 | |
Fortinet FortiPAM | >=1.1 | |
Fortinet FortiPAM | >=1.0 | |
Fortinet FortiProxy | >=7.4.0<=7.4.2 | |
Fortinet FortiProxy | >=7.2.0<=7.2.8 | |
Fortinet FortiProxy | >=7.0.0<=7.0.15 | |
Fortinet FortiWeb | >=7.4.0<=7.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.