CVE-2021-43075

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-21-128 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*

Information

Published : 2022-03-01 07:15

Updated : 2022-03-09 02:52


NVD link : CVE-2021-43075

Mitre link : CVE-2021-43075

Products Affected
No products.
CWE