CVE-2021-26097

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 43.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortisandboxFortinet Fortinet Fortisandbox
Timeline
PublishedAug 4
Latest updateMay 24

Description

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortisandbox3.1.03.1.5+2
CVEListV5fortinet/fortinet_fortisandboxFortiSandbox 3.2.2, 3.2.1, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0

🔴Vulnerability Details

2
GHSA
GHSA-5xf4-mvc2-mx6c: An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 32022-05-24
CVEList
CVE-2021-26097: An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 32021-08-04

📋Vendor Advisories

1
Fortinet
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2,...2021-08-04
CVE-2021-26097 (HIGH CVSS 8.8) | An improper neutralization of speci | cvebase.io