CVE-2023-37937

Summary

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSwitch7.4.0affected
FortinetFortiSwitch7.2.0 <= 7.2.5affected
FortinetFortiSwitch7.0.0 <= 7.0.7affected
FortinetFortiSwitch6.4.0 <= 6.4.13affected
FortinetFortiSwitch6.2.0 <= 6.2.7affected
FortinetFortiSwitch6.0.0 <= 6.0.7affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References