PT-2019-4297 · Fortinet · Fortiextender

Publicado

2019-10-31

Atualizado

2019-11-06

CVE-2019-15710

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FortiExtender versions 4.0.0 and below FortiExtender versions 4.1.0 through 4.1.1

Description The issue is related to insufficient argument validation in the command-line interface of the FortiExtender signal amplifier firmware. This can be exploited by a remote attacker to execute arbitrary commands. The vulnerability allows unauthorized administrators to run arbitrary system-level commands via specially crafted commands.

Recommendations For FortiExtender versions 4.0.0 and below, update to a version that includes the fix for this issue. For FortiExtender versions 4.1.0 through 4.1.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CLI admin console to minimize the risk of exploitation.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2020-00012

CVE-2019-15710

Produtos afetados

Fortiextender

PT-2019-4297 · Fortinet · Fortiextender

CVE-2019-15710

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4