Improper Input Validation in FortiAI v1.4.0 and Earlier Allows Authenticated User to Gain System Shell Access via Malicious Payload in diagnose Command

Improper Input Validation in FortiAI v1.4.0 and Earlier Allows Authenticated User to Gain System Shell Access via Malicious Payload in diagnose Command

CVE-2021-24023 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.

Learn more about our User Device Pen Test.