ghsa-gm85-v466-h9x4
Vulnerability from github
Published
2022-10-10 19:00
Modified
2022-10-12 19:00
Severity
Details
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiOS versions 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
{
  "affected": [],
  "aliases": [ "CVE-2021-44171" ],
  "database_specific": {
    "cwe_ids": [ "CWE-78" ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-10T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.",
  "id": "GHSA-gm85-v466-h9x4",
  "modified": "2022-10-12T19:00:35Z",
  "published": "2022-10-10T19:00:18Z",
  "references": [
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44171" },
    { "type": "WEB", "url": "https://fortiguard.com/psirt/FG-IR-21-242" }
  ],
  "schema_version": "1.4.0",
  "severity": [
    { "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }
  ]
}