CVE-2021-24009
published 2022-04-06CVE-2021-24009: Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet_fortiwan | — | — |
| fortinet | fortiwan | <= 4.5.8 | — |
| fortinet | fortiwan | — | — |