CVE-2021-24016

Published: Sep 30, 2021

Modified: Oct 25, 2024

PUBLISHED

CVSS v3.1

3.7

LOW

Description

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.

Vendor	Product	Versions
Fortinet	Fortinet FortiManager	affected `FortiManager 6.4.3, 6.2.7`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:X

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://fortiguard.com/advisory/FG-IR-20-190

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-24016

Description

Affected Products

CVSS v3.1 Details

References