FortiMail - OS Command injection
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-021
Final
1
1
2021-07-07T00:00:00
Current version
2021-07-07T00:00:00
2021-07-07T00:00:00
An improper neutralization of special elements used in an OS Command vulnerability (CWE-78) in FortiMail's administrative interface may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.
Execute unauthorized code or commands
FortiMail 6.4.3
FortiMail 6.2.6
FortiMail 6.0.10
FortiMail 5.4.12
Please upgrade to FortiMail version 7.0.0 or above
Please upgrade to FortiMail version 6.4.4 or above
Please upgrade to FortiMail version 6.2.7 or above
Please upgrade to FortiMail version 6.0.11 or above
Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.
FortiMail 6.4.3
FortiMail 6.4.2
FortiMail 6.4.1
FortiMail 6.4.0
FortiMail 6.2.6
FortiMail 6.2.5
FortiMail 6.2.4
FortiMail 6.2.3
FortiMail 6.2.2
FortiMail 6.2.1
FortiMail 6.2.0
FortiMail 6.0.10
FortiMail 6.0.9
FortiMail 6.0.8
FortiMail 6.0.7
FortiMail 6.0.6
FortiMail 6.0.5
FortiMail 6.0.4
FortiMail 6.0.3
FortiMail 6.0.2
FortiMail 6.0.1
FortiMail 6.0.0
FortiMail 5.4.12
FortiMail 5.4.11
FortiMail 5.4.10
FortiMail 5.4.9
FortiMail 5.4.8
FortiMail 5.4.7
FortiMail 5.4.6
FortiMail 5.4.5
FortiMail 5.4.4
FortiMail 5.4.3
FortiMail 5.4.2
FortiMail 5.4.1
FortiMail 5.4.0
FortiMail 5.3.13
FortiMail 5.3.12
FortiMail 5.3.10
FortiMail 5.3.9
FortiMail 5.3.8
FortiMail 5.3.7
FortiMail 5.3.6
FortiMail 5.3.5
FortiMail 5.3.4
FortiMail 5.3.3
FortiMail 5.3.2
FortiMail 5.3.1
FortiMail 5.3.0
FortiMail 5.2.10
FortiMail 5.2.9
FortiMail 5.2.8
FortiMail 5.2.7
FortiMail 5.2.6
FortiMail 5.2.5
FortiMail 5.2.4
FortiMail 5.2.3
FortiMail 5.2.2
FortiMail 5.2.1
FortiMail 5.2.0
FortiMail 5.1.7
FortiMail 5.1.6
FortiMail 5.1.5
FortiMail 5.1.4
FortiMail 5.1.3
FortiMail 5.1.2
FortiMail 5.1.1
FortiMail 5.1.0
FortiMail 5.0.11
FortiMail 5.0.10
FortiMail 5.0.9
FortiMail 5.0.8
FortiMail 5.0.7
FortiMail 5.0.6
FortiMail 5.0.5
FortiMail 5.0.4
FortiMail 5.0.3
FortiMail 5.0.2
FortiMail 5.0.1
FortiMail 5.0.0
CVE-2021-24015
7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-021