| IR Number | FG-IR-21-033 |
| Date | May 5, 2021 |
| Severity |
High |
| CVSSv3 Score | 7.4 |
| Impact | Execution of arbitrary code |
| CVE ID | CVE-2021-24023 |
| Affected Products |
FortiNDR
:
1.4.0, 1.3.1, 1.3.0, 1.2.0, 1.1.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiAI - OS command injection due to improper input sanitization
Summary
An improper input validation in FortiAI v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
Affected Products
Any FortiAI firmware less than or equal to v1.4.0 is impacted.Solutions
Upgrade the FortiAI firmware to any version greater than or equal to v1.5.0