Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-15708

Summary
Assigner-fortinet
Assigner Org ID-6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At-15 Mar, 2020 | 22:27
Updated At-25 Oct, 2024 | 14:25
Rejected At-
Credits

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fortinet
Assigner Org ID:6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At:15 Mar, 2020 | 22:27
Updated At:25 Oct, 2024 | 14:25
Rejected At:
▼CVE Numbering Authority (CNA)

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

Affected Products
Vendor
Fortinet, Inc.Fortinet
Product
Fortinet FortiAP-S/W2
Versions
Affected
  • 6.2.1
  • 6.2.0
  • 6.0.5 and below
Vendor
Fortinet, Inc.Fortinet
Product
Fortinet FortiAP-U
Versions
Affected
  • 6.0.5 and below
Vendor
Fortinet, Inc.Fortinet
Product
Fortinet FortiAP
Versions
Affected
  • below 6.0.0
Problem Types
TypeCWE IDDescription
textN/AExecute unauthorized code or commands
Type: text
CWE ID: N/A
Description: Execute unauthorized code or commands
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fortiguard.com/psirt/FG-IR-19-209
x_refsource_CONFIRM
Hyperlink: https://fortiguard.com/psirt/FG-IR-19-209
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fortiguard.com/psirt/FG-IR-19-209
x_refsource_CONFIRM
x_transferred
Hyperlink: https://fortiguard.com/psirt/FG-IR-19-209
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@fortinet.com
Published At:15 Mar, 2020 | 23:15
Updated At:19 Mar, 2020 | 20:21

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Fortinet, Inc.
fortinet
>>fortiap>>Versions up to 6.0.5(inclusive)
cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiap-s>>Versions up to 6.0.5(inclusive)
cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiap-s>>6.2.0
cpe:2.3:a:fortinet:fortiap-s:6.2.0:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiap-s>>6.2.1
cpe:2.3:a:fortinet:fortiap-s:6.2.1:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiap-u>>Versions up to 6.0.0(inclusive)
cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiap-w2>>Versions up to 6.0.5(inclusive)
cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiap-w2>>6.2.0
cpe:2.3:a:fortinet:fortiap-w2:6.2.0:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiap-w2>>6.2.1
cpe:2.3:a:fortinet:fortiap-w2:6.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fortiguard.com/psirt/FG-IR-19-209psirt@fortinet.com
Vendor Advisory
Hyperlink: https://fortiguard.com/psirt/FG-IR-19-209
Source: psirt@fortinet.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

396Records found
CVE-2023-36640
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.12%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:19
Updated-02 Aug, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortipamfortiosFortiOSFortiProxyFortiPAMfortiswitchmanagerfortiproxyfortipamfortios
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-43953
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:41
Updated-23 Oct, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxy
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2025-32766
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 3.30%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 18:59
Updated-14 Aug, 2025 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2015-5735
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 19.33%
||
7 Day CHG~0.00%
Published-03 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-forticlientn/a
CVE-2024-46663
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 14:54
Updated-12 Mar, 2025 | 04:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-FortiMail
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-24477
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.75%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 08:14
Updated-18 Jul, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2019-15711
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 15:10
Updated-25 Oct, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortinet FortiClientLinux
CVE-2009-1262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 23.43%
||
7 Day CHG~0.00%
Published-07 Apr, 2009 | 23:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-forticlientn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2021-44170
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 32.73%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:35
Updated-25 Oct, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortinet FortiProxy, FortiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43065
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.91%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 09:15
Updated-25 Oct, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortinacFortinet FortiNAC
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36193
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.65% / 69.87%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 11:19
Updated-25 Oct, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwebn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26089
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 27.07%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 12:48
Updated-25 Oct, 2024 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortinet FortiClientMac
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-24022
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 10:32
Updated-25 Oct, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortimanagerFortinet FortiAnalyzer, FortiManager
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-52968
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 16:09
Updated-16 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortiClientMac
CWE ID-CWE-287
Improper Authentication
CVE-2024-31496
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:53
Updated-21 Jan, 2025 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzer_big_datafortimanagerfortianalyzerFortiManagerFortiAnalyzer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22301
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.34%
||
7 Day CHG~0.00%
Published-02 Mar, 2022 | 10:00
Updated-25 Oct, 2024 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiap-cFortinet FortiAP-C
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27999
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.6||HIGH
EPSS-0.17% / 38.69%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 21:26
Updated-23 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcFortiADC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-25607
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.4||HIGH
EPSS-0.15% / 36.24%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:51
Updated-22 Oct, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC  7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortiadcfortimanagerFortiManagerFortiADCFortiAnalyzer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-22127
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.1||HIGH
EPSS-0.31% / 53.67%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 16:00
Updated-25 Oct, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortinet FortiClientLinux
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-26210
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.76%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:41
Updated-23 Oct, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadc_managerfortiadcFortiADCManagerFortiADC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-23779
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.17% / 38.46%
||
7 Day CHG+0.02%
Published-16 Feb, 2023 | 18:06
Updated-23 Oct, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-23777
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-0.31% / 53.50%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 08:49
Updated-23 Oct, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-27778
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.3||HIGH
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:09
Updated-31 Jan, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-40679
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.13%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 16:05
Updated-23 Oct, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiddosfortiadcfortiddos-fFortiADCFortiDDoSFortiDDoS-F
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-3611
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.69% / 90.86%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:14
Updated-06 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortimanagern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-39947
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-1.61% / 81.03%
||
7 Day CHG+0.21%
Published-03 Jan, 2023 | 16:58
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcFortiADC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-39951
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-0.33% / 55.53%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 16:04
Updated-23 Oct, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-23109
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.7||CRITICAL
EPSS-4.72% / 88.97%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 13:26
Updated-01 Aug, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisiemFortiSIEMfortisiem
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35845
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.6||HIGH
EPSS-1.09% / 77.01%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 16:57
Updated-07 Nov, 2023 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-21755
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-0.77% / 72.57%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 14:24
Updated-23 Dec, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandboxfortisandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35849
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.4||HIGH
EPSS-0.31% / 53.86%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 12:30
Updated-22 Oct, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcFortiADC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33869
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8||HIGH
EPSS-0.51% / 65.41%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:07
Updated-23 Oct, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwanFortiWAN
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33874
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 80.94%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-21756
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-0.77% / 72.57%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 14:24
Updated-23 Dec, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests..

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandboxfortisandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33872
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 80.94%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-33870
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.84%
||
7 Day CHG~0.00%
Published-02 Nov, 2022 | 00:00
Updated-25 Oct, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-4965
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-7.70% / 91.54%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwann/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-44171
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9||CRITICAL
EPSS-0.26% / 48.83%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortinet FortiOS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-41018
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.8||HIGH
EPSS-0.77% / 72.48%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 11:25
Updated-25 Oct, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiwebn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36195
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.28% / 50.87%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 18:14
Updated-25 Oct, 2024 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36180
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.1||HIGH
EPSS-0.74% / 72.02%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 10:46
Updated-25 Oct, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-48782
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-5.70% / 90.05%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 06:37
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwlmFortiWLM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36185
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.8||HIGH
EPSS-2.48% / 84.68%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 18:45
Updated-25 Oct, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwlmFortinet FortiWLM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-29061
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-0.71% / 71.39%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 06:55
Updated-25 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisoarFortinet FortiSOAR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-26115
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.6||HIGH
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 10:57
Updated-21 Jan, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwanFortiWAN
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-26097
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.97%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:54
Updated-25 Oct, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortinet FortiSandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-24023
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.62%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 10:30
Updated-25 Oct, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiai_3500ffortiai_firmwareFortinet FortiAI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-24015
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-0.31% / 53.89%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 13:25
Updated-25 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimailFortinet FortiMail
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-24009
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.2||HIGH
EPSS-0.33% / 54.85%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 09:15
Updated-25 Oct, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwanFortinet FortiWAN
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-22123
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.6||HIGH
EPSS-85.70% / 99.33%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:58
Updated-25 Oct, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found