Fortinet FortiManager and FortiAnalyzer OS Command Injection Vulnerability

Vulnerability

A vulnerability allowing OS command injection has been identified in Fortinet FortiManager and FortiAnalyzer. This issue affects multiple versions across several release branches: 7.4.0 to 7.4.2, 7.2.0 to 7.2.5, 7.0.0 to 7.0.12, 6.4.0 to 6.4.14, 6.2.0 to 6.2.12, 6.0.0 to 6.0.12, 5.6.0 to 5.6.11, 5.4.0 to 5.4.7, 5.2.0 to 5.2.10, and 5.0.0 to 5.0.12. The vulnerability arises from multiple instances of improper neutralization of special elements, which could allow an attacker to execute unauthorized code or commands by sending crafted CLI requests.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code or commands on the affected system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 7.5
exploitability: 4.8
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight key vulnerability categories, which are then combined to calculate the overall risk score.