CVE-2017-7341

Severity: 7.2 HIGH
EPSS: 2.5% (top 14.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 26
Latest update: May 13

Description

An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (1 package)

NVD: fortinet/fortiwlc, 6.1-2 to 6.1-5 (+3)

🔴 Vulnerability Details (2)

GHSA: GHSA-52fj-wgpc-qm7j: An OS Command Injection vulnerability in Fortinet FortiWLC 6 (2022-05-13)
CVEList: CVE-2017-7341: An OS Command Injection vulnerability in Fortinet FortiWLC 6 (2017-10-26)

📋 Vendor Advisories (1)

Fortinet: An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, a... (2017-10-26)