CVE-2022-43953: 
FortiOS vulnerability analysis and mitigation

A format string vulnerability (CWE-134) was discovered in the command line interpreter of FortiOS and FortiProxy. The vulnerability, identified as CVE-2022-43953, was internally discovered by Gwendal Guégniaud of Fortinet Product Security Team and initially published on June 12, 2023. The affected products include FortiOS versions 7.2.0 through 7.2.4, all versions of 7.0, 6.4, 6.2, and FortiProxy versions 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7 (Fortinet Advisory).

The vulnerability is classified as a format string bug (CWE-134) that exists in the fortiguard-resources CLI command. It received a CVSS v3.1 base score of 7.8 (High) from NVD with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Fortinet assigned it a medium severity with a CVSS score of 6.3 (NVD).

When successfully exploited, this vulnerability allows an authenticated user to execute unauthorized code or commands through specially crafted command arguments in the command line interpreter (Fortinet Advisory).

Fortinet has released multiple security updates to address this vulnerability. Users are advised to upgrade to FortiProxy version 7.2.2 or above, FortiProxy version 7.0.8 or above, FortiOS version 7.4.0 or above, FortiOS version 7.2.5 or above, FortiOS version 7.0.12 or above, or FortiOS version 6.4.13 or above (Fortinet Advisory).