Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allow a local authenticated attacker to execute arbitrary shell code as the `root` user via crafted CLI requests.
2023-06-13T09:15:16.510
2024-11-21T07:50:55.397
Modified
CVSSv3.1: 7.8 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | fortinet | fortiadc | ≤ 5.2.8 | Yes |
Application | fortinet | fortiadc | ≤ 5.3.7 | Yes |
Application | fortinet | fortiadc | ≤ 5.4.5 | Yes |
Application | fortinet | fortiadc | ≤ 6.0.4 | Yes |
Application | fortinet | fortiadc | ≤ 6.1.6 | Yes |
Application | fortinet | fortiadc | ≤ 6.2.6 | Yes |
Application | fortinet | fortiadc | ≤ 7.0.5 | Yes |
Application | fortinet | fortiadc | 7.1.0 | Yes |
Application | fortinet | fortiadc | 7.1.1 | Yes |
Application | fortinet | fortiadc | 7.1.2 | Yes |
Application | fortinet | fortiadc | 7.2.0 | Yes |
Application | fortinet | fortiadc_manager | 5.2.0 | Yes |
Application | fortinet | fortiadc_manager | 5.2.1 | Yes |
Application | fortinet | fortiadc_manager | 5.3.0 | Yes |
Application | fortinet | fortiadc_manager | 5.4.0 | Yes |
Application | fortinet | fortiadc_manager | 6.0.0 | Yes |
Application | fortinet | fortiadc_manager | 6.1.0 | Yes |
Application | fortinet | fortiadc_manager | 6.2.0 | Yes |
Application | fortinet | fortiadc_manager | 6.2.1 | Yes |
Application | fortinet | fortiadc_manager | 7.0.0 | Yes |
Application | fortinet | fortiadc_manager | 7.1.0 | Yes |