OS Command Injection Vulnerability in Fortinet FortiADC
CVE-2023-26210

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortiadcmanager; Fortiadc
Vendor: CVE Published:; 13 June 2023

Summary

Fortinet FortiADC is susceptible to multiple improper neutralization vulnerabilities, enabling local authenticated attackers to execute arbitrary shell commands as the root user. This risk arises from crafted Command-Line Interface (CLI) requests that exploit weaknesses in the software's handling of input. Users are advised to promptly apply the latest patches to mitigate this security concern.

Affected Version(s)

FortiADC 7.2.0

FortiADC 7.1.0 <= 7.1.1

FortiADC 7.0.0 <= 7.0.5

References

https://fortiguard.com/psirt/FG-IR-23-076

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Feb 20, 2023