HIGH🇵🇱 Wersja polska

CVE-2023-37937

CVSS 7.8v3.1pub. 2025-01-14upd. 2025-01-31

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortiswitch

    OS
    Fortinet
    7.4.06.0.0 – 6.2.8 (bez)6.4.0 – 6.4.14 (bez)7.0.0 – 7.0.8 (bez)7.2.0 – 7.2.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-48887CRITICAL9.8PL ✓ten sam produkt

Fortinet FortiSwitch — nieautoryzowana zmiana hasła administratora (RCE-ready)

CVE-2023-25610CRITICAL9.8PL ✓ten sam produkt

Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia

CVE-2023-37936CRITICAL9.8PL ✓ten sam produkt

Fortinet FortiSwitch — użycie zakodowanego klucza kryptograficznego umożliwia RCE

CVE-2016-4573CRITICAL9.8ten sam produkt

Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D...

CVE-2016-6909CRITICAL9.8ten sam produkt

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x bef...