Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities Fortinet PSIRT

Format String Vulnerability in CAPWAP fast-failover mode

  • What: A format string vulnerability exists in FortiGate's CAPWAP fast-failover mode.
  • Impact: An authenticated admin may execute unauthorized code or commands via crafted configurations.
  • Affected: FortiOS versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0 all versions.
  • Patch: Upgrade to FortiOS 7.6.5 or 7.4.10, or migrate to a fixed release.

PSIRT Format String Vulnerability in CAPWAP fast-failover mode

Summary

A Use of Externally-Controlled Format String vulnerability [CWE-134] in FortiGate may allow an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

Version        Affected                Solution
FortiOS 7.6    7.6.0 through 7.6.4     Upgrade to 7.6.5 or above
FortiOS 7.4    7.4.0 through 7.4.9     Upgrade to 7.4.10 or above
FortiOS 7.2    7.2.0 through 7.2.11    Migrate to a fixed release
FortiOS 7.0    7.0 all versions        Migrate to a fixed release
FortiOS 6.4    Not affected            Not Applicable

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Virtual Patch named "FG-VD-59445.0day." is available in FMWP db update 26.010

Acknowledgement

Internally discovered and reported by Yonghui Han of Fortinet Product Security team.

Timeline

2026-02-10: Initial publication
