Multiple command injection vulnerabilities in webserver

Multiple command injection vulnerabilities in webserver Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-048 Final 1 1 2023-02-16T00:00:00 Current version 2023-02-16T00:00:00 2023-02-16T00:00:00 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the webserver of FortiExtender may allow a privileged attacker to execute arbitrary OS commands via specially crafted input parameters. None Execute unauthorized code or commands FortiExtender 7.2 all versions are not affectedFortiExtender version 7.0.0 through 7.0.3FortiExtender 5.3 all versionsFortiExtender version 4.2.0 through 4.2.4FortiExtender version 4.1.1 through 4.1.8FortiExtender version 4.0.0 through 4.0.2FortiExtender version 3.3.0 through 3.3.2FortiExtender version 3.2.1 through 3.2.3FortiExtender 3.1 all versionsFortiExtender 3.0 all versionsFortiExtender 0.4 all versions are not affected Upgrade to FortiExtender version 7.2.0 and aboveUpgrade to FortiExtender version 7.0.4 and aboveUpgrade to FortiExtender version 4.2.5 and aboveUpgrade to FortiExtender upcoming version 4.1.9 and aboveUpgrade to FortiExtender upcoming version 4.0.3 and aboveUpgrade to FortiExtender version 3.3.3 and aboveUpgrade to FortiExtender version 3.2.4 and above Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. FortiExtender 7.0.3 FortiExtender 7.0.2 FortiExtender 7.0.1 FortiExtender 7.0.0 FortiExtender 5.3.2 FortiExtender 4.2.4 FortiExtender 4.2.3 FortiExtender 4.2.2 FortiExtender 4.2.1 FortiExtender 4.2.0 FortiExtender 4.1.8 FortiExtender 4.1.7 FortiExtender 4.1.6 FortiExtender 4.1.5 FortiExtender 4.1.4 FortiExtender 4.1.3 FortiExtender 4.1.2 FortiExtender 4.1.1 FortiExtender 4.0.2 FortiExtender 4.0.1 FortiExtender 4.0.0 FortiExtender 3.3.2 FortiExtender 3.3.1 FortiExtender 3.3.0 FortiExtender 3.2.3 FortiExtender 3.2.2 FortiExtender 3.2.1 FortiExtender 3.1.2 FortiExtender 3.1.1 FortiExtender 3.1.0 FortiExtender 3.0.2 FortiExtender 3.0.1 FortiExtender 3.0.0 Multiple command injection vulnerabilities in webserver CVE-2022-27489 FortiExtender-7.0.3 FortiExtender-7.0.2 FortiExtender-7.0.1 FortiExtender-7.0.0 FortiExtender-5.3.2 FortiExtender-4.2.4 FortiExtender-4.2.3 FortiExtender-4.2.2 FortiExtender-4.2.1 FortiExtender-4.2.0 FortiExtender-4.1.8 FortiExtender-4.1.7 FortiExtender-4.1.6 FortiExtender-4.1.5 FortiExtender-4.1.4 FortiExtender-4.1.3 FortiExtender-4.1.2 FortiExtender-4.1.1 FortiExtender-4.0.2 FortiExtender-4.0.1 FortiExtender-4.0.0 FortiExtender-3.3.2 FortiExtender-3.3.1 FortiExtender-3.3.0 FortiExtender-3.2.3 FortiExtender-3.2.2 FortiExtender-3.2.1 FortiExtender-3.1.2 FortiExtender-3.1.1 FortiExtender-3.1.0 FortiExtender-3.0.2 FortiExtender-3.0.1 FortiExtender-3.0.0 7.0 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-048 Multiple command injection vulnerabilities in webserver Reference>