VYPR
High severity7.8NVD Advisory· Published Jan 14, 2025· Updated Jun 17, 2026

CVE-2023-37937

CVE-2023-37937

Description

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.

Affected products

2
  • Fortinet/FortiSwitch GUIcpe-rescue2 versions
    cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*range: 7.4.0
    • (no CPE)range: 7.4.0, 7.2.0-7.2.5, 7.0.0-7.0.7, 6.4.0-6.4.13, 6.2.0-6.2.7, 6.0.0-6.0.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.