VYPR
Unrated severityNVD Advisory· Published Dec 8, 2021· Updated Oct 25, 2024

CVE-2021-36195

CVE-2021-36195

Description

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.

Affected products

2
  • Fortinet/Fortiwebllm-fuzzy2 versions
    >=6.1.0 <=6.1.2 || >=6.2.0 <=6.2.6 || >=6.3.0 <=6.3.15 || =6.4.0 || =6.4.1+ 1 more
    • (no CPE)range: >=6.1.0 <=6.1.2 || >=6.2.0 <=6.2.6 || >=6.3.0 <=6.3.15 || =6.4.0 || =6.4.1
    • (no CPE)range: FortiWeb 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.