Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Fortinet FortiManager 代码注入漏洞
Vulnerability Description
Fortinet FortiManager是美国飞塔(Fortinet)公司的一套集中化网络安全管理平台。该平台支持集中管理任意数量的Fortinet设备,并能够将设备分组到不同的管理域(ADOM)进一步简化多设备安全部署与管理。 Fortinet FortiManager 存在代码注入漏洞,该漏洞源于FortiManager 中存在不正确的身份验证。攻击者可利用该漏洞通过 POST 请求分配或取消分配全局策略包到 flatui/json 模块。
CVSS Information
N/A
Vulnerability Type
N/A