Multiple OS command injection vulnerabilities Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-037 Final 1 1 2021-08-03T00:00:00 Current version 2021-08-03T00:00:00 2021-08-03T00:00:00 Multiple OS command injection [CWE-78] vulnerabilities in the command line interface of FortiManager, FortiAnalyzer, and FortiPortal may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. Execute unauthorized code or commands FortiManager versions 6.2.7 and below.FortiManager versions 6.4.5 and below.FortiManager versions 5.6.x, 6.2.x and 6.0.x are also impacted.FortiAnalyzer versions 6.2.7 and below.FortiAnalyzer versions 6.4.5 and below.FortiAnalyzer versions 5.6.x, 6.2.x and 6.0.x also are impacted.FortiPortal version 5.2.5 and below. FortiPortal version 5.3.5 and below. FortiPortal version 6.0.4 and below. Please upgrade to FortiManager version 6.0.11 or above.Please upgrade to FortiManager version 6.2.8 or above.Please upgrade to FortiManager version 6.4.6 or above.Please upgrade to FortiManager version 7.0.0 or above.Please upgrade to FortiAnalyzer version 6.0.11 or above.Please upgrade to FortiAnalyzer version 6.2.8 or above.Please upgrade to FortiAnalyzer version 6.4.6 or above.Please upgrade to FortiAnalyzer version 7.0.0 or above.Please upgrade to FortiPortal version 5.2.6 or above. Please upgrade to FortiPortal version 5.3.6 or above. Please upgrade to FortiPortal version 6.0.5 or above. Fortinet is pleased to thank Orange-CERT Coordination Center for reporting this vulnerability under responsible disclosure. CVE-2021-26104 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-037 Multiple OS command injection vulnerabilities Reference>