Executive Risk Summary
"A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer and FortiManager may allow an attacker to escalate its privileges via specially crafted requests, potentially leading to unauthorized access and data breaches. Affected versions include FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, and other versions of FortiAnalyzer and FortiManager."
Operational Audit Arsenal
Manual Verification Required
This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.
Patch Impact Forecast
Moderate
Internal Work Notes
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Scope of Impact
Original NVD Description
"A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow an attacker to escalate its privileges via specially crafted requests."