CVE-2023-26210

Summary

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.2.0affected
FortinetFortiADC7.1.0 <= 7.1.1affected
FortinetFortiADC7.0.0 <= 7.0.6affected
FortinetFortiADC6.2.0 <= 6.2.6affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected
FortinetFortiADC5.4.0 <= 5.4.5affected
FortinetFortiADC5.3.0 <= 5.3.7affected
FortinetFortiADC5.2.0 <= 5.2.8affected
FortinetFortiADCManager7.1.0affected
FortinetFortiADCManager7.0.0affected
FortinetFortiADCManager6.2.0 <= 6.2.1affected
FortinetFortiADCManager6.1.0affected
FortinetFortiADCManager6.0.0affected
FortinetFortiADCManager5.4.0affected
FortinetFortiADCManager5.3.0affected
FortinetFortiADCManager5.2.0 <= 5.2.1affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References