CVE-2019-15710 — OS Command Injection in Fortiextender Firmware

CWE-78 — OS Command Injection5 documents5 sources

Severity

7.2HIGHNVD

EPSS

2.2%

top 15.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortiguard Fortiextender Firmware Fortinet Fortiextender

Timeline

PublishedOct 31

Latest updateMay 24

Description

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortiguard/fortiextender_firmware4.1.1

▶CVEListV5fortinet/fortiextender4.0.0 and below, 4.1.0 to 4.1.1+1

🔴Vulnerability Details

GHSA

GHSA-qwvq-972q-36q5: An OS command injection vulnerability in FortiExtender 4↗2022-05-24

▶

CVEList

CVE-2019-15710: An OS command injection vulnerability in FortiExtender 4↗2019-10-31

▶

💥Exploits & PoCs

Exploit-DB

Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation↗2019-01-23

▶

📋Vendor Advisories

Fortinet

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow...↗2019-10-31

▶