N/A

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow an attacker to escalate its privileges via specially crafted requests.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

使用外部控制的格式字符串

Fortinet多款产品 格式化字符串错误漏洞

Fortinet FortiManager等都是美国飞塔（Fortinet）公司的产品。Fortinet FortiManager是一套集中化网络安全管理平台。Fortinet FortiAnalyzer是一套集中式网络安全报告解决方案。Fortinet FortiManager Cloud是一个基于云的网络管理软件。 Fortinet多款产品存在格式化字符串错误漏洞，该漏洞源于使用外部可控的格式字符串，可能导致攻击者通过特制请求提升权限。以下产品及版本受到影响：FortiAnalyzer 7.6.0版本

N/A

N/A