CVE-2023-40721: 
FortiOS vulnerability analysis and mitigation

A use of externally-controlled format string vulnerability [CWE-134] was discovered in Fortinet products including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. The vulnerability (CVE-2023-40721) was disclosed on February 11, 2025, and affects multiple versions of these products. The vulnerability exists in the CLI component and allows a privileged attacker to execute arbitrary code or commands via specially crafted requests (Fortiguard PSIRT, NVD).

The vulnerability is classified as a format string vulnerability (CWE-134) in the CLI component of affected Fortinet products. It has been assigned a CVSSv3 score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access is required and high privileges are needed to exploit the vulnerability (NVD).

If successfully exploited, this vulnerability allows a privileged attacker to execute unauthorized code or commands on the affected systems. The high CVSS impact scores for confidentiality, integrity, and availability (C:H/I:H/A:H) indicate that successful exploitation could result in significant system compromise (Fortiguard PSIRT).

Fortinet has released patches for affected products and recommends upgrading to the following versions: FortiOS version 7.4.2 or above, FortiOS version 7.2.7 or above, FortiOS version 7.0.14 or above, FortiPAM version 1.2.0 or above, FortiSwitchManager version 7.2.3 or above, FortiSwitchManager version 7.0.3 or above, FortiProxy version 7.4.1 or above, FortiProxy version 7.2.8 or above, and FortiProxy version 7.0.15 or above (Fortiguard PSIRT).

The vulnerability was responsibly disclosed by Ryan Quasney from BishopFox to Fortinet. Fortinet acknowledged the researcher's contribution in their security advisory (Fortiguard PSIRT).