- Description
- An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
- Source
- psirt@fortinet.com
- NVD status
- Modified
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE3141AC-861F-4B06-B39D-F6DDB998073D",
"versionEndExcluding": "6.2.5",
"versionStartIncluding": "5.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F33B8503-AE60-4E4F-B664-C47B3A606C74",
"versionEndExcluding": "5.7.0",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C211C719-BCE5-4D78-BD49-846384742B6A",
"versionEndExcluding": "6.1.5",
"versionStartIncluding": "6.1.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29EF3271-456A-431E-A02F-530018A229D5",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E574BD8-00B8-4D6F-9CCF-512E8ECF1D7F",
"versionEndExcluding": "6.3.4",
"versionStartIncluding": "6.3.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9C4E7CA-746B-4542-9E83-AC75C3DAB1FD"
}
],
"operator": "OR"
}
]
}
]