An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 up to and including 7.2.3, version 7.0.0 up to and including 7.0.8, version 6.4.0 up to and including 6.4.12 and version 6.2.0 up to and including 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortimanager |
||
fortinet fortianalyzer 7.4.0 |
||
fortinet fortianalyzer |
||
fortinet fortimanager 7.4.0 |