FortiWLM - authenticated command injection vulnerability
Summary
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiWLM may allow a remote, authenticated attacker with low privileges to execute unauthorized commands via specifically crafted HTTP GET request parameters.
| Version | Affected | Solution |
|---|---|---|
| FortiWLM 8.6 | 8.6.0 through 8.6.5 | Upgrade to 8.6.6 or above |
| FortiWLM 8.5 | Not affected | Not Applicable |
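The advisory does not publish FortiWLM's affected handler or the crafted request, so the following is a generic, added Python example (not Fortinet's code) of the CWE-78 shape the summary describes: a percent-decoded GET parameter spliced into a shell command line, beside the hardened form that allowlists the value and passes it as a single argv element with no shell. The parameter name `host`, the `ping` command and the sample query strings are constructed assumptions for illustration.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Constructed GET query strings for illustration; they are not FortiWLM requests,
# and the parameter name "host" is an assumption made for this example.
GOOD_QUERY = "host=192.0.2.10"
BAD_QUERY = "host=192.0.2.10%20extra"  # percent-decodes to "192.0.2.10 extra"

# Allowlist for a hostname or IPv4 literal: leading alphanumeric, then letters,
# digits, dot or hyphen, with an overall length bound. Nothing else passes.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def get_param(query_string, name):
    """Return the first (percent-decoded) value of a GET parameter, or '' if absent."""
    return parse_qs(query_string, keep_blank_values=True).get(name, [""])[0]


def build_unsafe_command(query_string):
    """CWE-78 shape: the decoded parameter is concatenated into a shell command line.

    Whatever the shell treats specially in the value changes what would run.
    The string is only built here so the example can show it; it is never executed.
    """
    return "ping -c 1 " + get_param(query_string, "host")


def is_allowed_host(value):
    """True only when the whole value matches the allowlist pattern."""
    return HOST_RE.fullmatch(value) is not None


def validate_host(value):
    """Reject anything outside the allowlist before it can reach a command."""
    if not is_allowed_host(value):
        raise ValueError("host parameter rejected by allowlist: %r" % value)
    return value


def build_safe_argv(query_string):
    """Hardened shape: validated value becomes one argv element; no shell is involved."""
    host = validate_host(get_param(query_string, "host"))
    return ["ping", "-c", "1", host]


def run_argv(argv):
    """Run an argv list without a shell (shell=False is the default for a list).

    Arguments go straight to the new process, so shell metacharacters in them are
    inert. The demo below uses 'echo' so that running the example is harmless.
    """
    result = subprocess.run(argv, capture_output=True, text=True, timeout=5, check=True)
    return result.stdout


if __name__ == "__main__":
    print("unsafe command string for BAD_QUERY:", build_unsafe_command(BAD_QUERY))
    print("safe argv for GOOD_QUERY:", build_safe_argv(GOOD_QUERY))
    try:
        build_safe_argv(BAD_QUERY)
    except ValueError as exc:
        print("rejected:", exc)
    # With an argv list the value is a literal argument, not shell syntax.
    print(run_argv(["echo", "a&&b"]), end="")
```

Two independent layers are shown on purpose: the allowlist stops unexpected input at the request boundary (and a rejection there is a useful thing to log), while the argv form means that even a value which slipped past validation is never interpreted by a shell.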
Acknowledgement
Fortinet is pleased to thank security researcher Zach Hanley (@hacks_zach) of Horizon3.ai for discovering and reporting this vulnerability under responsible disclosure.
Timeline
2023-12-07: Initial publication