FortiWAN - OS command injection leads to privilege escalation
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-069
Final
1
1
2021-07-07T00:00:00
Current version
2021-07-07T00:00:00
2021-07-07T00:00:00
An OS command injection (CWE-78) vulnerability in the FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root by executing a specially crafted command.
Escalation of privilege
FortiWAN versions 4.5.7 and below.
Please upgrade to FortiWAN version 4.5.8 or above.
Fortinet is pleased to thank Resecurity, Inc for bringing this issue to our attention under responsible disclosure.
FortiWAN 4.5.7
FortiWAN 4.5.6
FortiWAN 4.5.5
FortiWAN 4.5.4
FortiWAN 4.5.3
FortiWAN 4.5.2
FortiWAN 4.5.1
FortiWAN 4.5.0
FortiWAN 4.4.1
FortiWAN 4.4.0
FortiWAN 4.3.1
FortiWAN 4.3.0
FortiWAN 4.2.7
FortiWAN 4.2.6
FortiWAN 4.2.5
FortiWAN 4.2.2
FortiWAN 4.2.1
FortiWAN 4.1.3
FortiWAN 4.1.2
FortiWAN 4.1.1
FortiWAN 4.0.6
FortiWAN 4.0.5
FortiWAN 4.0.4
FortiWAN 4.0.3
FortiWAN 4.0.2
FortiWAN 4.0.1
FortiWAN 4.0.0
CVE-2021-26115
7.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-069