CVE-2021-24015OS Command Injection in Fortinet Fortimail

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGHNVD
CNA7.2
EPSS
0.3%
top 45.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortimailFortinet Fortimail
Timeline
PublishedJul 12
Latest updateMay 24

Description

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortimail6.0.06.0.11+3
CVEListV5fortinet/fortinet_fortimailFortiMail before 6.4.4

🔴Vulnerability Details

2
GHSA
GHSA-qgvx-8c9v-f6rh: An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 62022-05-24
CVEList
CVE-2021-24015: An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 62021-07-12

📋Vendor Advisories

1
Fortinet
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of Fo...2021-07-12
CVE-2021-24015 — OS Command Injection in Fortinet | cvebase