CVE-2023-26210: OS Command Injection
First published: Tue Jun 13 2023(Updated: )
Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiADC | >=5.2.0<=5.2.8 | |
| Fortinet FortiADC | >=5.3.0<=5.3.7 | |
| Fortinet FortiADC | >=5.4.0<=5.4.5 | |
| Fortinet FortiADC | >=6.0.0<=6.0.4 | |
| Fortinet FortiADC | >=6.1.0<=6.1.6 | |
| Fortinet FortiADC | >=6.2.0<=6.2.6 | |
| Fortinet FortiADC | >=7.0.0<=7.0.5 | |
| Fortinet FortiADC | =7.1.0 | |
| Fortinet FortiADC | =7.1.1 | |
| Fortinet FortiADC | =7.1.2 | |
| Fortinet FortiADC | =7.2.0 | |
| Fortinet Fortiadc Manager | =5.2.0 | |
| Fortinet Fortiadc Manager | =5.2.1 | |
| Fortinet Fortiadc Manager | =5.3.0 | |
| Fortinet Fortiadc Manager | =5.4.0 | |
| Fortinet Fortiadc Manager | =6.0.0 | |
| Fortinet Fortiadc Manager | =6.1.0 | |
| Fortinet Fortiadc Manager | =6.2.0 | |
| Fortinet Fortiadc Manager | =6.2.1 | |
| Fortinet Fortiadc Manager | =7.0.0 | |
| Fortinet Fortiadc Manager | =7.1.0 |
Remedy
Please upgrade to FortiADC version 7.2.1 or above Please upgrade to FortiADC version 7.1.3 or above Please upgrade to FortiADCManager version 7.2.0 or above Please upgrade to FortiADCManager version 7.1.1 or above Please upgrade to FortiADCManager version 7.0.1 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Fortinet FortiADC vulnerability?
The vulnerability ID is CVE-2023-26210.
What is the severity level of CVE-2023-26210?
The severity level of CVE-2023-26210 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2023-26210?
Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 are affected by CVE-2023-26210.
What is the CWE ID associated with CVE-2023-26210?
The CWE ID associated with CVE-2023-26210 is CWE-78.
How can I fix the CVE-2023-26210 vulnerability?
To fix the CVE-2023-26210 vulnerability, it is recommended to update Fortinet FortiADCManager and FortiADC to versions that are not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/fortinet
- canonical/fortinet fortiadc
- version/fortinet fortiadc/5.2.0
- version/fortinet fortiadc/5.2.8
- version/fortinet fortiadc/5.3.0
- version/fortinet fortiadc/5.3.7
- version/fortinet fortiadc/5.4.0
- version/fortinet fortiadc/5.4.5
- version/fortinet fortiadc/6.0.0
- version/fortinet fortiadc/6.0.4
- version/fortinet fortiadc/6.1.0
- version/fortinet fortiadc/6.1.6
- version/fortinet fortiadc/6.2.0
- version/fortinet fortiadc/6.2.6
- version/fortinet fortiadc/7.0.0
- version/fortinet fortiadc/7.0.5
- version/fortinet fortiadc/7.1.0
- version/fortinet fortiadc/7.1.1
- version/fortinet fortiadc/7.1.2
- version/fortinet fortiadc/7.2.0
- canonical/fortinet fortiadc manager
- version/fortinet fortiadc manager/5.2.0
- version/fortinet fortiadc manager/5.2.1
- version/fortinet fortiadc manager/5.3.0
- version/fortinet fortiadc manager/5.4.0
- version/fortinet fortiadc manager/6.0.0
- version/fortinet fortiadc manager/6.1.0
- version/fortinet fortiadc manager/6.2.0
- version/fortinet fortiadc manager/6.2.1
- version/fortinet fortiadc manager/7.0.0
- version/fortinet fortiadc manager/7.1.0