CVE-2023-26210 | THREATINT

Description

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

PUBLISHED Reserved 2023-02-20 | Published 2023-06-13 | Updated 2024-10-23 | Assigner fortinet

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status

unaffected

7.1.0

affected

7.0.0

affected

6.2.0 (semver)

affected

6.1.0

affected

6.0.0

affected

5.4.0

affected

5.3.0

affected

5.2.0 (semver)

affected

Default status

unaffected

7.2.0

affected

7.1.0 (semver)

affected

7.0.0 (semver)

affected

6.2.0 (semver)

affected

6.1.0 (semver)

affected

6.0.0 (semver)

affected

5.4.0 (semver)

affected

5.3.0 (semver)

affected

5.2.0 (semver)

affected

References

fortiguard.com/psirt/FG-IR-23-076

cve.org (CVE-2023-26210)

nvd.nist.gov (CVE-2023-26210)

Download JSON