FortiWLM - command Injection in script handlers
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-128
Final
1
1
2022-03-01T00:00:00
Current version
2022-03-01T00:00:00
2022-03-01T00:00:00
An improper neutralization of special elements used in an OS command ('OS Command Injection') [CWE-78] vulnerability in FortiWLM may allow an authenticated attacker to execute arbitrary shell commands via crafted HTTP requests to the alarm dashboard and controller config handlers.
None
Execute unauthorized code or commands
FortiWLM version 8.6.2 and below
FortiWLM version 8.5.2 and below
FortiWLM version 8.4.2 and below
Upgrade to FortiWLM version 8.6.3 or above.
Internally discovered and reported by Mattia Fecit of Fortinet Product Security Team.
FortiWLM 8.6.2
FortiWLM 8.6.1
FortiWLM 8.6.0
FortiWLM 8.5.3
FortiWLM 8.5.2
FortiWLM 8.5.1
FortiWLM 8.5.0
FortiWLM 8.4.2
FortiWLM 8.4.1
FortiWLM 8.4.0
FortiWLM 8.3.2
FortiWLM 8.3.1
FortiWLM 8.3.0
FortiWLM 8.2.2
CVE-2021-43075
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-128