CVE-2021-43075

Name of the Vulnerable Software and Affected Versions Fortinet FortiWLM versions 8.6.2 and below Fortinet FortiWLM versions 8.5.2 and below Fortinet FortiWLM versions 8.4.2 and below Fortinet FortiWLM versions 8.3.2 and below

Description The issue is related to an improper neutralization of special elements used in an os command, also known as 'os command injection', which allows an attacker to execute unauthorized code or commands. This can be achieved via crafted HTTP requests to specific handlers, such as the alarm dashboard and controller config handlers.

Recommendations For Fortinet FortiWLM versions 8.6.2 and below, consider disabling access to the alarm dashboard and controller config handlers until a patch is available. For Fortinet FortiWLM versions 8.5.2 and below, restrict access to the vulnerable HTTP request handlers to minimize the risk of exploitation. For Fortinet FortiWLM versions 8.4.2 and below, avoid using the vulnerable os command functionality in the affected versions until the issue is resolved. For Fortinet FortiWLM versions 8.3.2 and below, as a temporary workaround, consider implementing additional security measures to monitor and block suspicious HTTP requests to the affected handlers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.