CVE-2021-36195

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 55.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiwebFortinet Fortinet Fortiweb
Timeline
PublishedDec 8
Latest updateDec 9

Description

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 0.8 | Impact: 3.4

Affected Packages2 packages

NVDfortinet/fortiweb6.2.06.2.5+6
CVEListV5fortinet/fortinet_fortiwebFortiWeb 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2

Patches

Patch: fortiguard.comPatch: fortiguard.com

🔴Vulnerability Details

2
GHSA
GHSA-jg5p-7m49-jgfj: Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 62021-12-09
CVEList
CVE-2021-36195: Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 62021-12-08

📋Vendor Advisories

1
Fortinet
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 thro...2021-12-08
CVE-2021-36195 (HIGH CVSS 8.8) | Multiple command injection vulnerab | cvebase.io