Skip to main content

Fortiadc CVE-2023-27999

HIGH
OS Command Injection (CWE-78)
2023-05-03 psirt@fortinet.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 03, 2023 - 22:15 nvd
HIGH 7.8

DescriptionNVD

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

AnalysisAI

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Affected products include: Fortinet Fortiadc. Version information: through 7.1.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2022-38381 CRITICAL
9.8 Nov 02

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all version

CVE-2023-25603 CRITICAL
9.1 Nov 14

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.

CVE-2023-26205 HIGH
8.8 Nov 14

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions,

CVE-2022-33875 HIGH
8.8 Dec 06

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiA

CVE-2022-26120 HIGH
8.8 Jul 18

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] i

CVE-2023-25607 HIGH
7.8 Oct 10

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in

CVE-2023-28000 HIGH
7.8 Jun 13

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0

CVE-2023-26210 HIGH
7.8 Jun 13

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-

CVE-2022-22299 HIGH
7.8 Aug 05

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiAD

CVE-2025-31104 HIGH
7.2 Jun 10

FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated att

CVE-2023-27993 HIGH
7.1 May 03

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to d

CVE-2023-29177 MEDIUM
6.7 Nov 14

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC ve

Share

CVE-2023-27999 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy