FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands

2023-06-1200:00:00

FortiGuard Labs

www.fortiguard.com

os command injection

cwe-78

fortiadc

fortiadc manager

local authenticated attacker

arbitrary shell code

root user

cli requests

software

0.0004 Low

EPSS

Percentile

5.2%

JSON

Multiple improper neutralization of special elements used in an os command (‘OS Command Injection’) vulnerabilties [CWE-78] in FortiADC & FortiADC Manager may allow a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests.

CPENameOperatorVersion
fortiadceq7.2.0
fortiadceq7.1.2
fortiadceq7.1.1
fortiadceq7.1.0
fortiadceq7.0.5
fortiadceq7.0.4
fortiadceq7.0.3
fortiadceq7.0.2
fortiadceq7.0.1
fortiadceq7.0.0

Name	Operator	Version
fortiadc	eq	7.2.0
fortiadc	eq	7.1.2
fortiadc	eq	7.1.1
fortiadc	eq	7.1.0
fortiadc	eq	7.0.5
fortiadc	eq	7.0.4
fortiadc	eq	7.0.3
fortiadc	eq	7.0.2
fortiadc	eq	7.0.1
fortiadc	eq	7.0.0

Rows per page:

1-10 of 621

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for FG-IR-23-076