9 matches found
CVE-2023-28000
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...
CVE-2023-28000
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...
Command injection
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...
CVE-2023-28000
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...
PT-2023-3349 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.0 through 7.1.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow a local and authenticated attacker to execute unauthorized commands via specificall...
The software’s vulnerability regarding centralized device management by Fortinet FortiManager and the FortiAnalyzer network switch allows a perpetrator to execute arbitrary commands. This vulnerability arises due to the lack of measures taken to neutralize special elements used in the operating system command set.
The vulnerability of the software for centralized device management of Fortinet’s FortiManager and FortiAnalyzer devices exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execut...
CVE-2022-27483
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...
CVE-2022-27483
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...
FortiManager and FortiAnalyzer - Buffer overflow vulnerability through the diagnose system geoip-city command
A buffer overflow vulnerability in FortiAnalyzer and FortiManager CLI may allow an authenticated, local attacker to perform a Denial of Service attack by running the diagnose system geoip-city command with a large ip value. Fortinet is not aware of any successful exploitation of this vulnerabilit...