Description

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.

PUBLISHED Reserved 2021-01-25 | Published 2022-04-06 | Updated 2024-10-25 | Assigner fortinet




HIGH: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C)

Problem types

Execute unauthorized code or commands

Product status

FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below
affected

References

fortiguard.com/advisory/FG-IR-21-037

github.com/...search/security/advisories/GHSA-f73m-fvj3-m2pm

cve.org (CVE-2021-26104)

nvd.nist.gov (CVE-2021-26104)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.