FortiWLM - command Injection in script handlers

2022-03-0100:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

48.5%

JSON

An improper neutralization of special elements used in an OS command (‘OS Command Injection’) [CWE-78] vulnerability in FortiWLM may allow an authenticated attacker to execute arbitrary shell commands via crafted HTTP requests to the alarm dashboard and controller config handlers.

CPENameOperatorVersion
fortiwlmeq8.6.2
fortiwlmeq8.6.1
fortiwlmeq8.6.0
fortiwlmeq8.5.3
fortiwlmeq8.5.2
fortiwlmeq8.5.1
fortiwlmeq8.5.0
fortiwlmeq8.4.2
fortiwlmeq8.4.1
fortiwlmeq8.4.0

Name	Operator	Version
fortiwlm	eq	8.6.2
fortiwlm	eq	8.6.1
fortiwlm	eq	8.6.0
fortiwlm	eq	8.5.3
fortiwlm	eq	8.5.2
fortiwlm	eq	8.5.1
fortiwlm	eq	8.5.0
fortiwlm	eq	8.4.2
fortiwlm	eq	8.4.1
fortiwlm	eq	8.4.0

Rows per page:

1-10 of 141

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for FG-IR-21-128