← volver
CVE-2021-26104

CVE-2021-26104

CVSS 7.8 HIGHEPSS 3.2%
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 3.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 abr 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C
Productos afectados
Fortinet · Fortinet FortiManager, FortiAnalyzer, FortiPortal

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://fortiguard.com/advisory/FG-IR-21-037https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm