OS Command Injection in Fortinet FortiADCManager and FortiADC

OS Command Injection in Fortinet FortiADCManager and FortiADC

CVE-2023-26210 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

Learn more about our Cis Benchmark Audit For Fortinet.