PSIRT Advisories
FortiExtender - multiple command injection vulnerabilities in webserver
Summary
An improper neutralization of special elements used in an OS command ("OS command injection") vulnerability [CWE-78] in the webserver of FortiExtender may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters.
Affected Products
FortiExtender version 7.0.0 through 7.0.3
FortiExtender version 4.2.0 through 4.2.4
FortiExtender version 4.1.1 through 4.1.8
FortiExtender version 4.0.0 through 4.0.2
FortiExtender version 3.3.0 through 3.3.2
FortiExtender version 3.2.1 through 3.2.3
FortiExtender 5.3 all versions
FortiExtender 3.1 all versions
FortiExtender 3.0 all versions
Solutions
Upgrade to FortiExtender version 7.2.0 and above
Upgrade to FortiExtender version 7.0.4 and above
Upgrade to FortiExtender version 4.2.5 and above
Upgrade to FortiExtender upcoming version 4.1.9 and above
Upgrade to FortiExtender upcoming version 4.0.3 and above
Upgrade to FortiExtender version 3.3.3 and above
Upgrade to FortiExtender version 3.2.4 and above