Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| fortinet | fortianalyzer | 5.6.0 - 6.0.11 | - |
| fortinet | fortianalyzer | 6.2.0 - 6.2.8 | - |
| fortinet | fortianalyzer | 6.4.0 - 6.4.6 | - |
| fortinet | fortimanager | 5.6.0 - 6.0.11 | - |
| fortinet | fortimanager | 6.2.0 - 6.2.8 | - |
| fortinet | fortimanager | 6.4.0 - 6.4.6 | - |
| fortinet | fortiportal | 5.2.6 | - |
| fortinet | fortiportal | 5.3.0 - 5.3.6 | - |
| fortinet | fortiportal | 6.0.0 - 6.0.5 | - |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H