CVE-2021-24016

3.7LOW

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimanager
Vendor: CVE Published:; 30 September 2021

Summary

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.

Affected Version(s)

Fortinet FortiManager FortiManager 6.4.3, 6.2.7

References

https://fortiguard.com/advisory/FG-IR-20-190

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 30, 2021
Vulnerability Reserved
Jan 13, 2021