CVE-2021-36182

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.7%
top 26.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwebFortinet Fortinet Fortiweb
Timeline
PublishedSep 8
Latest updateMay 24

Description

A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb6.3.06.3.14+1
CVEListV5fortinet/fortinet_fortiwebFortiWeb 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0

🔴Vulnerability Details

2
GHSA
GHSA-jcp2-cx35-47gg: A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 62022-05-24
CVEList
CVE-2021-36182: A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 62021-09-08

📋Vendor Advisories

1
Fortinet
A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.1...2021-09-08
CVE-2021-36182 (HIGH CVSS 8.8) | A Improper neutralization of specia | cvebase.io