Home
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:CDefault status
unaffected
7.2.0
affected
7.1.0 (semver)
affected
7.0.0 (semver)
affected
6.2.0 (semver)
affected
6.1.0 (semver)
affected
6.0.0 (semver)
affected
5.4.0 (semver)
affected
5.3.0 (semver)
affected
5.2.0 (semver)
affected
Default status
unaffected
7.1.0
affected
7.0.0
affected
6.2.0 (semver)
affected
6.1.0
affected
6.0.0
affected
5.4.0
affected
5.3.0
affected
5.2.0 (semver)
affected
Description
Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.
Problem types
Execute unauthorized code or commands
Product status
7.2.0
7.1.0 (semver)
7.0.0 (semver)
6.2.0 (semver)
6.1.0 (semver)
6.0.0 (semver)
5.4.0 (semver)
5.3.0 (semver)
5.2.0 (semver)
7.1.0
7.0.0
6.2.0 (semver)
6.1.0
6.0.0
5.4.0
5.3.0
5.2.0 (semver)
References
fortiguard.com/psirt/FG-IR-23-076
fortiguard.com/psirt/FG-IR-23-076