Command injection vulnerabilities in cli commands

Command injection vulnerabilities in cli commands Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-076 Final 1 1 2023-06-12T00:00:00 Current version 2023-06-12T00:00:00 2023-06-12T00:00:00 Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in FortiADC & FortiADC Manager may allow a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests. None Execute unauthorized code or commands FortiADC version 7.2.0FortiADC version 7.1.0 through 7.1.2FortiADC 7.0 all versionsFortiADC 6.2 all versionsFortiADC 6.1 all versionsFortiADC 6.0 all versionsFortiADC 5.4 all versionsFortiADC 5.3 all versionsFortiADC 5.2 all versionsAt leastFortiADCManager 7.2 all versions are not affectedFortiADCManager version 7.1.0FortiADCManager version 7.0.0FortiADCManager 6.2 all versionsFortiADCManager 6.1 all versionsFortiADCManager 6.0 all versionsFortiADCManager 5.4 all versionsFortiADCManager 5.3 all versionsFortiADCManager 5.2 all versions Please upgrade to FortiADC version 7.2.1 or abovePlease upgrade to FortiADC version 7.1.3 or abovePlease upgrade to FortiADCManager version 7.2.0 or abovePlease upgrade to FortiADCManager version 7.1.1 or abovePlease upgrade to FortiADCManager version 7.0.1 or above Internally discovered and reported by Théo Leleu and Giulia Clerici of Fortinet Product Security team. FortiADC 7.2.0 FortiADC 7.1.2 FortiADC 7.1.1 FortiADC 7.1.0 FortiADC 7.0.6 FortiADC 7.0.5 FortiADC 7.0.4 FortiADC 7.0.3 FortiADC 7.0.2 FortiADC 7.0.1 FortiADC 7.0.0 FortiADC 6.2.6 FortiADC 6.2.5 FortiADC 6.2.4 FortiADC 6.2.3 FortiADC 6.2.2 FortiADC 6.2.1 FortiADC 6.2.0 FortiADC 6.1.6 FortiADC 6.1.5 FortiADC 6.1.4 FortiADC 6.1.3 FortiADC 6.1.2 FortiADC 6.1.1 FortiADC 6.1.0 FortiADC 6.0.4 FortiADC 6.0.3 FortiADC 6.0.2 FortiADC 6.0.1 FortiADC 6.0.0 FortiADC 5.4.5 FortiADC 5.4.4 FortiADC 5.4.3 FortiADC 5.4.2 FortiADC 5.4.1 FortiADC 5.4.0 FortiADC 5.3.7 FortiADC 5.3.6 FortiADC 5.3.5 FortiADC 5.3.4 FortiADC 5.3.3 FortiADC 5.3.2 FortiADC 5.3.1 FortiADC 5.3.0 FortiADC 5.2.8 FortiADC 5.2.7 FortiADC 5.2.6 FortiADC 5.2.5 FortiADC 5.2.4 FortiADC 5.2.3 FortiADC 5.2.2 FortiADC 5.2.1 FortiADC 5.2.0 FortiADCManager 7.1.0 FortiADCManager 7.0.0 FortiADCManager 6.2.1 FortiADCManager 6.2.0 FortiADCManager 6.1.0 FortiADCManager 6.0.0 FortiADCManager 5.4.0 FortiADCManager 5.3.0 FortiADCManager 5.2.1 FortiADCManager 5.2.0 Command injection vulnerabilities in cli commands CVE-2023-26210 FortiADC-7.2.0 FortiADC-7.1.2 FortiADC-7.1.1 FortiADC-7.1.0 FortiADC-7.0.6 FortiADC-7.0.5 FortiADC-7.0.4 FortiADC-7.0.3 FortiADC-7.0.2 FortiADC-7.0.1 FortiADC-7.0.0 FortiADC-6.2.6 FortiADC-6.2.5 FortiADC-6.2.4 FortiADC-6.2.3 FortiADC-6.2.2 FortiADC-6.2.1 FortiADC-6.2.0 FortiADC-6.1.6 FortiADC-6.1.5 FortiADC-6.1.4 FortiADC-6.1.3 FortiADC-6.1.2 FortiADC-6.1.1 FortiADC-6.1.0 FortiADC-6.0.4 FortiADC-6.0.3 FortiADC-6.0.2 FortiADC-6.0.1 FortiADC-6.0.0 FortiADC-5.4.5 FortiADC-5.4.4 FortiADC-5.4.3 FortiADC-5.4.2 FortiADC-5.4.1 FortiADC-5.4.0 FortiADC-5.3.7 FortiADC-5.3.6 FortiADC-5.3.5 FortiADC-5.3.4 FortiADC-5.3.3 FortiADC-5.3.2 FortiADC-5.3.1 FortiADC-5.3.0 FortiADC-5.2.8 FortiADC-5.2.7 FortiADC-5.2.6 FortiADC-5.2.5 FortiADC-5.2.4 FortiADC-5.2.3 FortiADC-5.2.2 FortiADC-5.2.1 FortiADC-5.2.0 FortiADCManager-7.1.0 FortiADCManager-7.0.0 FortiADCManager-6.2.1 FortiADCManager-6.2.0 FortiADCManager-6.1.0 FortiADCManager-6.0.0 FortiADCManager-5.4.0 FortiADCManager-5.3.0 FortiADCManager-5.2.1 FortiADCManager-5.2.0 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-23-076 Command injection vulnerabilities in cli commands Reference>