Vulnerability Description
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiadc | >= 6.0.0, <= 6.0.4 |
| Fortinet | Fortimail | >= 6.4.0, <= 6.4.5 |
| Fortinet | Fortiproxy | >= 1.0.0, <= 1.0.7 |
| Fortinet | Fortios | >= 5.0.0, <= 5.0.14 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/psirt/FG-IR-21-235PatchVendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-235PatchVendor Advisory
FAQ
What is CVE-2022-22299?
CVE-2022-22299 is a vulnerability with a CVSS score of 7.8 (HIGH). A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy ...
How severe is CVE-2022-22299?
CVE-2022-22299 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22299?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiadc, Fortinet Fortimail, Fortinet Fortiproxy, Fortinet Fortios.