CVE-2021-24009

Name of the Vulnerable Software and Affected Versions FortiWAN versions prior to 4.5.9

Description The issue is related to the improper neutralization of special elements used in an OS command in the FortiWAN web interface. This could allow a remote attacker to execute arbitrary commands on the underlying system's shell by sending specially crafted HTTP requests. The attacker must be authenticated to exploit this issue.

Recommendations For versions prior to 4.5.9, update to version 4.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.