An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HFortinet Fortiswitch
OSFortinet7.4.06.0.0 – 6.2.8 (bez)6.4.0 – 6.4.14 (bez)7.0.0 – 7.0.8 (bez)7.2.0 – 7.2.6 (bez)
Powiązane podatności
Fortinet FortiSwitch — nieautoryzowana zmiana hasła administratora (RCE-ready)
Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia
Fortinet FortiSwitch — użycie zakodowanego klucza kryptograficznego umożliwia RCE
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D...
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x bef...