| IR Number | FG-IR-21-120 |
| Date | Dec 7, 2021 |
| Component | GUI |
| Severity |
High |
| CVSSv3 Score | 8.6 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2021-36180 |
| Affected Products |
FortiWeb
:
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.2, 5.9.1, 5.9.0, 5.8.7, 5.8.6, 5.8.5, 5.8.3, 5.8.2, 5.8.1, 5.8.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - OS command injection
Summary
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
Affected Products
FortiWeb version 6.4.1.
FortiWeb version 6.3.15 and below.
FortiWeb version 6.2.5 and below.
FortiWeb version 6.1.x.
FortiWeb version 6.0.x.
FortiWeb version 5.9.x.
FortiWeb version 5.8.x.
Solutions
Please upgrade to FortiWeb 6.4.2 or above.
Please upgrade to FortiWeb 6.3.16 or above.
Please upgrade to FortiWeb 6.2.6 or above.