Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
fortinetFortiGuard LabsFG-IR-20-190
HistorySep 07, 2021 - 12:00 a.m.

FortiManager - Excel formula injection in P&O IPv4 Policy names Vulnerability

2021-09-0700:00:00
FortiGuard Labs
www.fortiguard.com
13
fortimanager
vulnerability
arbitrary code execution
csv injection
p&o ipv4 policy names

EPSS

0

Percentile

12.6%

JSON

An improper neutralization of formula elements vulnerability (CWE 1236) in FortiManager may allow a local authenticated privileged attacker to execute arbitrary shell code on the end-user’s host via inserting CSV formula in the policy names. This is achieved once the user downloads and opens the configuration csv/xls* file.

Related

cvelist 1
cnvd 1
cve 1
prion 1
nvd 1
cvelist
cvelist
CVE-2021-24016
2021-09-30 15:18:38
cnvd
cnvd
Fortinet FortiManager Code Injection Vulnerability
2021-09-09 00:00:00
cve
cve
CVE-2021-24016
2021-09-30 16:15:07
prion
prion
Input validation
2021-09-30 16:15:00
nvd
nvd
CVE-2021-24016
2021-09-30 16:15:07

EPSS

0

Percentile

12.6%

JSON
Related for FG-IR-20-190
cvelist1cnvd1cve1prion1nvd1