CVE-2023-26210

moderate-risk
Published 2023-06-13

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

Do I need to act?

-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (15)

Fortiadc Manager
Fortiadc Manager
Fortiadc Manager
Fortiadc Manager
Fortiadc Manager
Fortiadc Manager
Fortiadc Manager
Fortiadc Manager
Fortiadc Manager
Fortiadc Manager

Affected Vendors

Fortinet

References (2)

Vendor Advisory https://fortiguard.com/psirt/FG-IR-23-076
Vendor Advisory https://fortiguard.com/psirt/FG-IR-23-076
43
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate