Vulnerability Monitor

CVE-2023-37937


An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSwitch versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7, and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via the FortiSwitch CLI.


Published

2025-01-14T14:15:26.940

Last Modified

2025-01-31T17:43:14.143

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-78

Affected Vendors & Products
Type              Vendor    Product      Version/Range  Vulnerable?
Operating System  fortinet  fortiswitch  < 6.2.8        Yes
Operating System  fortinet  fortiswitch  < 6.4.14       Yes
Operating System  fortinet  fortiswitch  < 7.0.8        Yes
Operating System  fortinet  fortiswitch  < 7.2.6        Yes
Operating System  fortinet  fortiswitch  7.4.0          Yes

References