CVE-2022-43953

CVE Database · CVE-2022-43953

CVE-2022-43953

· MEDIUMModified

CVSS v3.1

6.7

EPSS

0.25%

Published

Jun 13, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-134CWE-134

Affected Products (7)

fortinet · fortiproxyvulnerable

fortinet · fortiosvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-463

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-463

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs