PSIRT Advisories

FortiOS, FortiProxy, FortiADC and FortiMail - Format string vulnerability in command line interpreter

Summary

A format string vulnerability [CWE-134] in the command line interpreter of FortiOS, FortiProxy, FortiADC, and FortiMail may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
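The following C snippet is an added illustration of the CWE-134 pattern behind this class of bug; it is not Fortinet code and says nothing about how the affected interpreters are implemented. It contrasts a hypothetical CLI echo handler that passes the user's argument as the format parameter with the fixed form that uses a constant format string and treats the argument as data, plus a small helper that flags arguments carrying format directives so an operator can log or alert on them. Function names, the buffer size and the sample argument are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of CWE-134 (constructed example, not Fortinet code).
 * A command-line handler that hands the user-supplied argument to the
 * printf family as the FORMAT parameter lets any '%' directive in that
 * argument drive the formatter instead of being printed literally. */

#define OUT_LEN 256  /* constructed output buffer size */

/* VULNERABLE pattern: the argument itself is the format string.
 * With directives such as "%x" or "%n" the behaviour is undefined (reads or
 * writes through variadic arguments that were never supplied). Shown for
 * contrast only; it is never called with untrusted input below. */
int cli_echo_vulnerable(const char *arg, char *out, size_t out_len)
{
    return snprintf(out, out_len, arg);  /* format = caller-controlled data */
}

/* FIXED pattern: a constant format string; the argument is plain data and
 * is copied verbatim, '%' characters included. */
int cli_echo_fixed(const char *arg, char *out, size_t out_len)
{
    return snprintf(out, out_len, "%s", arg);
}

/* Defensive helper: report whether an argument carries a format directive
 * ("%%" is a literal percent sign and is not counted). Useful for logging or
 * alerting on suspicious CLI input; it complements, and does not replace,
 * the constant-format fix above. */
int arg_has_format_directive(const char *arg)
{
    const char *p = arg;
    while ((p = strchr(p, '%')) != NULL) {
        if (p[1] == '%') {  /* escaped percent, skip both characters */
            p += 2;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    char out[OUT_LEN];
    const char *sample = "hello %x %n";  /* constructed sample argument */

    cli_echo_fixed(sample, out, sizeof out);
    printf("fixed handler output: %s\n", out);
    printf("directives present  : %d\n", arg_has_format_directive(sample));
    return 0;
}
```

The fix is the constant `"%s"` format: once the argument is passed as data, the formatter never interprets it, so no input validation is needed for correctness. The directive scan is only a detection aid, since a real formatter's `%` grammar is richer than a single-character check.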

Affected Products

FortiADC version 6.0.0 through 6.0.4
FortiADC version 6.1.0 through 6.1.5
FortiADC version 6.2.0 through 6.2.1

FortiProxy version 1.0.0 through 1.0.7
FortiProxy version 1.1.0 through 1.1.6
FortiProxy version 1.2.0 through 1.2.13
FortiProxy version 2.0.0 through 2.0.7
FortiProxy version 7.0.0 through 7.0.1

FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.2

FortiMail version 6.4.0 through 6.4.5
FortiMail version 7.0.0 through 7.0.2

Solutions

Upgrade to FortiOS 7.0.4 or above.
Upgrade to FortiOS 6.4.9 or above.
Upgrade to FortiOS 6.2.11 or above.
Upgrade to FortiOS 6.0.15 or above.

Upgrade to FortiProxy 7.0.2 or above.
Upgrade to FortiProxy 2.0.8 or above.
Fixes for FortiProxy 1.2, 1.1 and 1.0 are not planned.

Upgrade to FortiADC 7.0.1 or above.
Upgrade to FortiADC 6.2.3 or above.

Upgrade to FortiMail 6.4.6 or above.
Upgrade to FortiMail 7.0.3 or above.
Upgrade to FortiMail 7.2.0 or above.

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security Team.