First published: Thu Oct 31 2019
An OS command injection vulnerability in the CLI admin console of FortiExtender 4.1.0 to 4.1.1, and 4.0.0 and below, may allow unauthorized administrators to run arbitrary system-level commands via specially crafted "execute date" commands.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiExtender Firmware | <=4.1.1 | |
Fortinet FortiExtender Firmware | | |
CVE-2019-15710 is classified as a high-severity vulnerability due to its potential for unauthorized command execution.
To fix CVE-2019-15710, upgrade FortiExtender firmware to version 4.1.2 or later.
CVE-2019-15710 is an OS command injection vulnerability that affects CLI admin console operations.
CVE-2019-15710 affects FortiExtender versions 4.1.0 to 4.1.1 and 4.0.0 and below.
Unauthorized administrators can exploit CVE-2019-15710 to execute arbitrary system-level commands.