CVE-2020-29017 — OS Command Injection in Fortinet Fortideceptor

CWE-78 — OS Command Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

5.5%

top 9.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortideceptor Fortinet Fortideceptor

Timeline

PublishedJan 14

Latest updateMay 24

Description

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortideceptor3.0.0, 3.0.1, 3.1.0+2

▶CVEListV5fortinet/fortinet_fortideceptorFortiDeceptor 3.1.0, 3.0.1, 3.0.0

🔴Vulnerability Details

GHSA

GHSA-m4cc-m73q-8mw7: An OS command injection vulnerability in FortiDeceptor 3↗2022-05-24

▶

CVEList

CVE-2020-29017: An OS command injection vulnerability in FortiDeceptor 3↗2021-01-14

▶

📋Vendor Advisories

Fortinet

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to...↗2021-01-14

▶