High severity7.8NVD Advisory· Published Jan 14, 2025· Updated Jun 17, 2026
CVE-2023-37937
CVE-2023-37937
Description
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.
Affected products
2cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:fortiswitch:7.4.0:*:*:*:*:*:*:*range: 7.4.0
- (no CPE)range: 7.4.0, 7.2.0-7.2.5, 7.0.0-7.0.7, 6.4.0-6.4.13, 6.2.0-6.2.7, 6.0.0-6.0.7
Patches
Vulnerability mechanics
References
1- fortiguard.com/psirt/FG-IR-23-258nvdVendor Advisory
News mentions
0No linked articles in our index yet.