发布日期：2022-08-05
更新日期：2022-10-13

受影响系统：

Fortinet Fortinet FortiOS >= 7.0.0
Fortinet Fortinet FortiOS >= 6.4.0
Fortinet Fortinet FortiOS >= 6.2.0
Fortinet Fortinet FortiOS >= 6.0.0
Fortinet Fortinet FortiOS <= 7.0.2
Fortinet Fortinet FortiOS <= 6.4.8
Fortinet Fortinet FortiOS <= 6.2.10
Fortinet Fortinet FortiOS <= 6.0.14
Fortinet Fortinet FortiMail >= 7.0.0
Fortinet Fortinet FortiMail >= 6.4.0
Fortinet Fortinet FortiMail <= 7.0.2
Fortinet Fortinet FortiMail <= 6.4.5
Fortinet Fortinet FortiProxy >= 7.0.0
Fortinet Fortinet FortiProxy >= 2.0.0
Fortinet Fortinet FortiProxy >= 1.2.0
Fortinet Fortinet FortiProxy >= 1.1.0
Fortinet Fortinet FortiProxy >= 1.0.0
Fortinet Fortinet FortiProxy <= 2.0.7
Fortinet Fortinet FortiProxy <= 1.2.13
Fortinet Fortinet FortiProxy <= 1.1.6
Fortinet Fortinet FortiProxy <= 1.0.7
Fortinet Fortinet FortiADC >= 6.2.0
Fortinet Fortinet FortiADC >= 6.1.0
Fortinet Fortinet FortiADC >= 6.0.0
Fortinet Fortinet FortiADC <= 6.2.1
Fortinet Fortinet FortiADC <= 6.1.5
Fortinet Fortinet FortiADC <= 6.0.4

描述：

---

CVE(CAN) ID: CVE-2022-22299

Fortinet FortiOS等都是美国飞塔（Fortinet）公司的产品。Fortinet FortiOS是专用于网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。
Fortinet FortiOS、FortiMail、FortiProxy和FortiADC多个版本存在格式化字符串漏洞。经过身份认证的攻击者可利用该漏洞在未经授权的情况下通过特制的命令参数执行代码或命令。

<*链接：https://www.fortiguard.com/psirt/FG-IR-21-235
*>

建议：

---

厂商补丁：

Fortinet
--------
Fortinet已经为此发布了一个安全公告（FG-IR-21-235）以及相应补丁:
FG-IR-21-235：FortiOS, FortiProxy, FortiADC and FortiMail - Format string vulnerability in command line interpreter
链接：https://www.fortiguard.com/psirt/FG-IR-21-235

浏览次数：450
严重程度：0（网友投票）