CVE-2019-15710: Command Injection
First published: Thu Oct 31 2019(Updated: )
An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiExtender Firmware | <=4.1.1 | |
| Fortinet FortiExtender Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15710?
CVE-2019-15710 is classified as a high severity vulnerability due to its potential for unauthorized command execution.
How do I fix CVE-2019-15710?
To fix CVE-2019-15710, upgrade FortiExtender firmware to version 4.1.2 or later.
What type of vulnerability is CVE-2019-15710?
CVE-2019-15710 is an OS command injection vulnerability that affects CLI admin console operations.
Which versions of FortiExtender are affected by CVE-2019-15710?
CVE-2019-15710 affects FortiExtender versions 4.1.0 to 4.1.1 and 4.0.0 and below.
Can unauthorized users exploit CVE-2019-15710?
Yes, unauthorized administrators can exploit CVE-2019-15710 to execute arbitrary system-level commands.
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/fortiguard
- canonical/fortinet fortiextender firmware
- version/fortinet fortiextender firmware/4.1.1