An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiManager versions 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.7, 6.2.x and 6.0.x, and FortiAnalyzer versions 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.7, 6.2.x and 6.0.x, allows a malicious user to execute arbitrary shell code as the `root` user via `diagnose system` CLI commands.
Vulnerable Product |
---|
fortinet fortimanager |
fortinet fortianalyzer |