Command injection vulnerability
Summary
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
Version | Affected | Solution |
---|---|---|
FortiWAN 4.5 | 4.5.0 through 4.5.9 | Upgrade to 4.5.10 or above |
FortiWAN 4.4 | 4.4 all versions | Migrate to a fixed release |
FortiWAN 4.3 | 4.3 all versions | Migrate to a fixed release |
FortiWAN 4.2 | 4.2 all versions | Migrate to a fixed release |
FortiWAN 4.1 | 4.1 all versions | Migrate to a fixed release |
FortiWAN 4.0 | 4.0 all versions | Migrate to a fixed release |