FortiExtender os command injection through execute date CLI command Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-273 Final 1 1 2019-11-01T00:00:00 Current version 2019-11-01T00:00:00 2019-11-01T00:00:00 An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. Execute unauthorized code or commands FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below Upgrade to FortiExtender 4.0.1 or 4.1.2Revision History:2019-10-28 Initial version2019-11-01 Add 4.0 branch fix information. Fortinet is pleased to thank "NYC Cyber Command" for reporting this vulnerability under responsible disclosure. FortiExtender 4.1.1 FortiExtender 4.0.0 FortiExtender 3.3.3 FortiExtender 3.3.2 FortiExtender 3.3.1 FortiExtender 3.3.0 FortiExtender 3.2.4 FortiExtender 3.2.3 FortiExtender 3.2.2 FortiExtender 3.2.1 FortiExtender 3.1.2 FortiExtender 3.1.1 FortiExtender 3.1.0 FortiExtender 3.0.2 FortiExtender 3.0.1 FortiExtender 3.0.0 FortiExtender 0.4.10 CVE-2019-15710 FortiExtender-4.1.1 FortiExtender-4.0.0 FortiExtender-3.3.3 FortiExtender-3.3.2 FortiExtender-3.3.1 FortiExtender-3.3.0 FortiExtender-3.2.4 FortiExtender-3.2.3 FortiExtender-3.2.2 FortiExtender-3.2.1 FortiExtender-3.1.2 FortiExtender-3.1.1 FortiExtender-3.1.0 FortiExtender-3.0.2 FortiExtender-3.0.1 FortiExtender-3.0.0 FortiExtender-0.4.10 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-273 FortiExtender os command injection through execute date CLI command Reference>