Vulnerability Description
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiAnalyzer | >= 5.6.0, < 6.0.11 |
| Fortinet | FortiManager | >= 5.6.0, < 6.0.11 |
| Fortinet | FortiPortal | < 5.2.6 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/advisory/FG-IR-21-037 (Vendor Advisory)
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m- (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-26104?
CVE-2021-26104 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 an...
How severe is CVE-2021-26104?
CVE-2021-26104 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26104?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet FortiAnalyzer, Fortinet FortiManager, Fortinet FortiPortal.