OS Command Injection Vulnerability in Fortinet FortiWLC Products
CVE-2017-7341

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortiwlc
Vendor: CVE Published:; 26 October 2017

Summary

An OS Command Injection vulnerability exists in Fortinet FortiWLC that allows an authenticated admin user to execute arbitrary system console commands through specially crafted HTTP requests. This flaw affects specific versions of FortiWLC, enabling risks of unauthorized command execution if exploited. System administrators are advised to review and mitigate this vulnerability to safeguard against potential abuse.

References

https://fortiguard.com/psirt/FG-IR-17-119

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101273

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2017
Vulnerability Reserved
Mar 30, 2017