OS Command Injection Vulnerability in FortiADC by Fortinet
CVE-2023-27999

7.6HIGH

Key Information:

Vendor: Fortinet
Status: Fortiadc
Vendor: CVE Published:; 3 May 2023

What is CVE-2023-27999?

An improper neutralization of special elements used in operating system commands exists within FortiADC versions 7.2.0, 7.1.0, and 7.1.1. This vulnerability allows an authenticated attacker to exploit the system by executing unauthorized commands through specially crafted arguments to existing commands. Proper mitigation and updates are recommended to safeguard against potential exploitation.

Affected Version(s)

FortiADC 7.2.0

FortiADC 7.1.0 <= 7.1.1

References

https://fortiguard.com/psirt/FG-IR-22-297

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2023
Vulnerability Reserved
Mar 9, 2023