HIGH🇬🇧 English

CVE-2021-26115

CVSS 7.8v3.1pub. 2024-12-19upd. 2025-01-21

An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortiwan

    APP
    Fortinet
    < 4.5.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2021-26102CRITICAL9.8PL ✓ten sam produkt

Path traversal umożliwiający usunięcie plików i reset hasła admina w FortiWAN

CVE-2021-26114CRITICAL9.8ten sam produkt

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before...

CVE-2023-44251HIGH8.3ten sam produkt

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal'...

CVE-2023-44252HIGH8.8ten sam produkt

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version...

CVE-2022-33869HIGH8.8ten sam produkt

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management ...