Home
HIGH: 7.0 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:CDefault status
unaffected
7.6.0 (semver)
affected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.1.0 (semver)
affected
7.0.0 (semver)
affected
6.2.0 (semver)
affected
6.1.0 (semver)
affected
Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
Problem types
Execute unauthorized code or commands
Product status
7.6.0 (semver)
7.4.0 (semver)
7.2.0 (semver)
7.1.0 (semver)
7.0.0 (semver)
6.2.0 (semver)
6.1.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-25-099
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
