OS Command Injection Vulnerability in FortiExtender by Fortinet
CVE-2019-15710

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortiextender
Vendor: CVE Published:; 31 October 2019

Summary

An OS command injection vulnerability exists in FortiExtender versions 4.1.0, 4.1.1, and 4.0.0 and below. This flaw allows unauthorized individuals with CLI admin console access to execute arbitrary system-level commands by leveraging specially crafted input in the 'execute date' command. Malicious actors could exploit this vulnerability, compromising the system's integrity and potentially leading to unauthorized access or data loss.

Affected Version(s)

FortiExtender 4.1.0 to 4.1.1

FortiExtender 4.0.0 and below

References

https://fortiguard.com/psirt/FG-IR-19-273

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2019
Vulnerability Reserved
Aug 27, 2019