CVE-2019-15710

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortiextender
Vendor: CVE Published:; 31 October 2019

Summary

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.

Affected Version(s)

FortiExtender 4.1.0 to 4.1.1

FortiExtender 4.0.0 and below

References

https://fortiguard.com/psirt/FG-IR-19-273

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2019
Vulnerability Reserved
Aug 27, 2019