FortiNDR - OS command injection due to improper input sanitization

2021-05-0500:00:00

FortiGuard Labs

www.fortiguard.com

0.002 Low

EPSS

Percentile

53.8%

JSON

An improper input validation in FortiNDR v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the “diagnose” command.

CPENameOperatorVersion
fortindreq1.4.0
fortindreq1.3.1
fortindreq1.3.0
fortindreq1.2.0
fortindreq1.1.0

Name	Operator	Version
fortindr	eq	1.4.0
fortindr	eq	1.3.1
fortindr	eq	1.3.0
fortindr	eq	1.2.0
fortindr	eq	1.1.0

0.002 Low

EPSS

Percentile

53.8%

JSON

Related for FG-IR-21-033