Externally-Controlled Format String Vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager
CVE-2023-40721
6.3MEDIUM
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 11 February 2025
What is CVE-2023-40721?
A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allowing privileged attackers to execute arbitrary code or commands. This occurs due to the improper handling of externally-controlled format strings, leaving the affected products susceptible to specially crafted requests that can manipulate program execution.
Affected Version(s)
FortiOS 7.4.0
FortiOS 7.2.0 <= 7.2.5
FortiOS 7.0.0 <= 7.0.13