PT-2021-3591 · Fortinet · Fortiwan
Published
2021-07-07
·
Updated
2025-01-21
·
CVE-2021-26115
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FortiWAN versions 4.5.7 and earlier
Description
The issue exists due to the lack of neutralization of special elements used in the operating system command. Exploitation of this issue may allow an attacker to escalate their privileges. A local, authenticated, and unprivileged attacker may be able to escalate their privileges to root via executing a specially-crafted command. This is an OS command injection issue.
Recommendations
For FortiWAN versions 4.5.7 and earlier, update to a version that includes a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Fortiwan