
FortiWAN - OS command injection leads to privilege escalation

CVE-2021-26115

Summary

An OS command injection (CWE-78) vulnerability in the FortiWAN Command Line Interface may allow a local, authenticated, unprivileged attacker to escalate their privileges to root by executing a specially crafted command.

Affected Products

FortiWAN versions 4.5.7 and below.

Solutions

Please upgrade to FortiWAN version 4.5.8 or above.

Acknowledgement

Fortinet is pleased to thank Resecurity, Inc for bringing this issue to our attention under responsible disclosure.
