CVE-2021-41016: Arbitrary command execution because of missing CLI input sanitization
First published: Tue Feb 01 2022(Updated: )
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortiextender Firmware | >=4.1.1<4.1.8 | |
| Fortinet Fortiextender Firmware | >=4.2.0<4.2.4 | |
| Fortinet Fortiextender Firmware | >=7.0.0<7.0.2 | |
| Fortinet FortiExtender |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2021-41016
- collector/fortiguard-psirt
- agent/references
- agent/severity
- agent/title
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/fortinet
- canonical/fortinet fortiextender firmware
- version/fortinet fortiextender firmware/4.1.1
- version/fortinet fortiextender firmware/4.2.0
- version/fortinet fortiextender firmware/7.0.0
- canonical/fortinet fortiextender