Lucene search

[email protected]NVD:CVE-2021-44171

HistoryOct 10, 2022 - 2:15 p.m.

CVE-2021-44171

2022-10-1014:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2021-44171

fortinet fortios

command injection

privileged commands

diagnostic cli commands

fortiswitch

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.1%

JSON

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

Affected configurations

Nvd

Node

fortinetfortiosRange6.0.0–6.0.14

fortinetfortiosRange6.2.0–6.2.10

fortinetfortiosRange6.4.0–6.4.8

fortinetfortiosRange7.0.0–7.0.3

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::

References

fortiguard.com/psirt/FG-IR-21-242

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.1%

JSON

Related for NVD:CVE-2021-44171

cvelist1 nessus1 cve1 fortinet1 cnvd1 prion1