CVE-2021-26104

🗓️ 06 Apr 2022 16:00:20Reported by fortinetType

Multiple OS command injection vulnerabilities in FortiManager, FortiAnalyzer, and FortiPortal

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software and the Fortinet FortiAnalyzer security event monitoring and analysis tool allows a malicious actor to execute arbitrary commands.	15 Sep 202100:00	–	bdu_fstec
Circl	CVE-2021-26104	6 Apr 202220:30	–	circl
CNNVD	Fortinet 多款产品操作系统命令注入漏洞	3 Aug 202100:00	–	cnnvd
CNVD	Fortinet Multiple Products Operating System Command Injection Vulnerability	7 Apr 202200:00	–	cnvd
CVE	CVE-2021-26104	6 Apr 202216:00	–	cve
EUVD	EUVD-2021-12925	7 Oct 202500:30	–	euvd
Fortinet	FortiManager, FortiAnalyzer and FortiPortal - Multiple OS command injection vulnerabilities	3 Aug 202100:00	–	fortinet
NCSC	Vulnerabilities fixed in FortiManager and FortiAnalyzer	4 Aug 202100:00	–	ncsc
NVD	CVE-2021-26104	6 Apr 202216:15	–	nvd
Prion	Command injection	6 Apr 202216:15	–	prion

[
  {
    "product": "Fortinet FortiManager, FortiAnalyzer, FortiPortal",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/advisory/FG-IR-21-037
github	www.github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm

22 Apr 2022 19:31Current

8.2High risk

Vulners AI Score8.2

CVSS 3.17.8

EPSS0.03086