CVE-2021-36195

CVSS 4.2 MEDIUMEPSS 1.1%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.2EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Dec 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

Affected products

Fortinet · Fortinet FortiWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/advisory/FG-IR-21-157