FortiWeb - Command injection in CLI backup functionality

2023-02-1600:00:00

FortiGuard Labs

www.fortiguard.com

fortiweb

command injection

cli backup

vulnerability

cwe-78

os command

bash commands

security

0.001 Low

EPSS

Percentile

21.8%

JSON

An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.

CPENameOperatorVersion
fortiwebeq7.0.1
fortiwebeq7.0.0
fortiwebeq6.4.3
fortiwebeq6.4.2
fortiwebeq6.4.1
fortiwebeq6.4.0
fortiwebeq6.3.9
fortiwebeq6.3.8
fortiwebeq6.3.7
fortiwebeq6.3.6

Name	Operator	Version
fortiweb	eq	7.0.1
fortiweb	eq	7.0.0
fortiweb	eq	6.4.3
fortiweb	eq	6.4.2
fortiweb	eq	6.4.1
fortiweb	eq	6.4.0
fortiweb	eq	6.3.9
fortiweb	eq	6.3.8
fortiweb	eq	6.3.7
fortiweb	eq	6.3.6

Rows per page:

1-10 of 191

0.001 Low

EPSS

Percentile

21.8%

JSON

Related for FG-IR-22-131