Command injection in script handlers Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-110 Final 1 1 2021-11-02T00:00:00 Current version 2021-11-02T00:00:00 2021-11-02T00:00:00 An improper neutralization of special elements used in an OS command vulnerability ('OS Command Injection') [CWE-78] in FortiWLM may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests to various controllers. None Execute unauthorized code or commands FortiWLM version 8.6.1 and below are impacted. Upgrade to FortiWLM version 8.6.2 or earlier. Internally discovered and reported by Mattia Fecit of Fortinet Product Security team. CVE-2021-36185 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-110 Command injection in script handlers Reference>