CVE-2021-44171

HIGH Year: 2021
CVSS v3 Score
8.0
High
Weakness Type
CWE-78
View all →

Vulnerability Description

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

Related Vulnerabilities

CVE-2015-5018

HIGH
CVSS:8.0(High)

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands...

CWE-782015

CVE-2017-2183

HIGH
CVSS:8.0(High)

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

CWE-782017

CVE-2018-16216

HIGH
CVSS:8.0(High)

A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in th...

CWE-782018

CVE-2018-19977

HIGH
CVSS:8.0(High)

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple...

CWE-782018

CVE-2018-21101

HIGH
CVSS:8.0(High)

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CWE-782018

CVE-2019-11539

HIGH
CVSS:8.0(High)

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX be...

CWE-782019