PT-2021-21174 · Fortinet · Fortiweb
Published 2021-12-08 · Updated 2021-12-10 · CVE-2021-36195
CVSS v2.0 score: 9.0 (High)
CVSS v2.0 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FortiWeb versions 6.1.0 through 6.1.2
FortiWeb versions 6.2.0 through 6.2.6
FortiWeb versions 6.3.0 through 6.3.15
FortiWeb versions 6.4.0 and 6.4.1
Description
Multiple command injection vulnerabilities in the command line interpreter may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.
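The pattern behind this class of bug, shown as an added example that is not FortiWeb's code and is not taken from the advisory: a hypothetical CLI diagnostic command (here a `ping` wrapper) that splices its argument into a shell command line, next to a hardened handler that validates the argument against an allowlist and executes the binary without a shell. The command name, the `ping` wrapper and the argument syntax are assumptions for illustration only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern (hypothetical CLI handler, not FortiWeb code): the
 * user-supplied argument is spliced into a command line that is handed to
 * a shell. Returns 1 when the string fit the buffer. With the constructed
 * argument "10.0.0.1; id" the result is "ping -c 1 10.0.0.1; id", which the
 * shell splits into two commands, so "id" runs with the CLI's privileges. */
int vuln_build_cmd(const char *arg, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "ping -c 1 %s", arg);
    return n >= 0 && (size_t)n < outlen;
}

/* Hardened check: a strict allowlist of what a host argument may contain.
 * Shell metacharacters (; | & $ ` ( ) space, newline) never pass. A leading
 * '-' is rejected too, because the child would parse it as an option. */
int is_safe_host_arg(const char *arg) {
    size_t len = strlen(arg);
    if (len == 0 || len > 253) return 0;
    if (arg[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':')) return 0;
    }
    return 1;
}

/* Hardened execution: no shell at all. The argument is passed as its own
 * argv element, so even a character the allowlist missed could not start a
 * second command. Returns the child's exit status, or -1 on validation or
 * process failure. */
int safe_ping(const char *arg) {
    if (!is_safe_host_arg(arg)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)arg, NULL};
        execvp("ping", argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *hostile = "10.0.0.1; id";   /* constructed sample input */
    char cmd[128];
    if (vuln_build_cmd(hostile, cmd, sizeof cmd))
        printf("vulnerable handler would run: %s\n", cmd);
    printf("hardened handler accepts it: %s\n",
           is_safe_host_arg(hostile) ? "yes" : "no");
    printf("safe_ping(\"127.0.0.1\") exit status: %d\n", safe_ping("127.0.0.1"));
    return 0;
}
```

Validation alone is the weaker half of the fix: the argv-based `execvp` call is what removes the shell from the path, so the hardened handler stays safe even if the allowlist is later loosened.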
Recommendations
For all affected branches (FortiWeb 6.1.0 through 6.1.2, 6.2.0 through 6.2.6, 6.3.0 through 6.3.15, and 6.4.0 and 6.4.1), update to a release that fixes the command injection vulnerabilities.
As a temporary workaround, restrict access to the command line interpreter (SSH and console) to trusted administrator accounts and management networks. Exploitation requires an authenticated user, so also review which accounts hold CLI access and remove any that do not need it.
Fix
Update to a fixed release (see Recommendations above).
Weakness Enumeration
OS Command Injection
Related Identifiers
CVE-2021-36195
Affected Products
FortiWeb