CVE-2020-29017
published 2021-01-14


Priority: P2 (60, high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 3.64% (88.1th percentile)
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.

Affected (4 ranges)

Vendor     Product         Version range   Fixed in
fortinet   fortideceptor   (not given)     (not given)
fortinet   fortideceptor   (not given)     (not given)
fortinet   fortideceptor   (not given)     (not given)
fortinet   fortideceptor   (not given)     (not given)

Detection & IOCs (extracted from sources)

  • Target attack surface is the Customization page of FortiDeceptor — monitor for anomalous or unexpected OS commands originating from web application processes on this endpoint
  • Classify as CWE-78 (OS Command Injection); look for shell metacharacters or command separators in HTTP requests submitted to the FortiDeceptor Customization page
  • Exploitation requires an authenticated remote attacker — correlate with prior authentication events when investigating suspicious command execution on FortiDeceptor
  • Affected versions are FortiDeceptor 3.1.0, 3.0.1, and 3.0.0 only — verify the installed version before applying detections or mitigations

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD      v2.0      9.0     CRITICAL   AV:N/AC:L/Au:S/C:C/I:C/A:C