Out-of-bound write in CLI
Summary
An out-of-bounds write vulnerability [CWE-787] in Command Line Interface of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands.
Affected Products
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiOS version 6.4.0 through 6.4.12
FortiOS 6.2 all versions
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy 2.0 all versions
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions
Solutions
Please upgrade to FortiOS version 7.4.0 or above
Please upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.11 or above
Please upgrade to FortiOS version 6.4.13 or above
Please upgrade to FortiProxy version 7.2.3 or above
Please upgrade to FortiProxy version 7.0.9 or above
Acknowledgement
Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.Timeline
2023-06-09: Initial publication