Command injection

2021-07-0919:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP’s console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.

CPENameOperatorVersion
fortiapge6.4.1
fortiaplt6.4.6
fortiap-sge6.2.4
fortiap-slt6.2.6
fortiap-w2ge6.2.4
fortiap-w2lt6.2.6

Name	Operator	Version
fortiap	ge	6.4.1
fortiap	lt	6.4.6
fortiap-s	ge	6.2.4
fortiap-s	lt	6.2.6
fortiap-w2	ge	6.2.4
fortiap-w2	lt	6.2.6

References

fortiguard.com/advisory/FG-IR-20-210