CVE-2021-24016

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-20-190 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

Information

Published : 2021-09-30 04:15

Updated : 2021-10-08 03:22


NVD link : CVE-2021-24016

Mitre link : CVE-2021-24016

Products Affected
No products.
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File