Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
FortiTester 操作系统命令注入漏洞
Vulnerability Description
FortiTester是FortiTester公司的一款基于 Fortinet 专业的网络流量测试工具。 FortiTester 2.3.0 到 3.9.1、4.0.0 到 4.2.0、7.0.0 到 7.1.0版本存在安全漏洞,该漏洞源于管理界面中对 OS 命令中使用的特殊元素的不当无效化,攻击者利用该漏洞可以通过专门制作的证书导入功能命令的参数来执行未经授权的命令。
CVSS Information
N/A
Vulnerability Type
N/A