| IR Number | FG-IR-21-110 |
| Date | Nov 2, 2021 |
| Severity |
High |
| CVSSv3 Score | 8.3 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2021-36185 |
| Affected Products |
FortiWLM
:
8.6.1, 8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWLM - Command injection in script handlers
Summary
An improper neutralization of special elements used in an OS command vulnerability ('OS Command Injection') [CWE-78] in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers.
Affected Products
FortiWLM version 8.6.1 and below are impacted.
Solutions
Upgrade to FortiWLM version 8.6.2 or earlier.