[FortiNDR] OS command injection due to improper input sanitization
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-033
Final
1
1
2021-05-05T00:00:00
Current version
2021-05-05T00:00:00
2021-05-05T00:00:00
An improper input validation in FortiNDR v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
Execute unauthorized code or commands
FortiNDR 1.5 all versions are not affectedFortiNDR 1.4 all versionsFortiNDR 1.3 all versionsFortiNDR 1.2 all versionsFortiNDR 1.1 all versions
Upgrade the FortiNDR firmware to any version greater than or equal to v1.5.0
FortiNDR 1.4.0
FortiNDR 1.3.1
FortiNDR 1.3.0
FortiNDR 1.2.0
FortiNDR 1.1.0
[FortiNDR] OS command injection due to improper input sanitization
CVE-2021-24023
FortiNDR-1.4.0
FortiNDR-1.3.1
FortiNDR-1.3.0
FortiNDR-1.2.0
FortiNDR-1.1.0
7.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-033
[FortiNDR] OS command injection due to improper input sanitization
Reference>