Описание
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.8 (исключая)Версия от 6.4.0 (включая) до 6.4.4 (исключая)
Одно из
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00143
Низкий
3.7 Low
CVSS3
6.3 Medium
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-1236
Связанные уязвимости
github
больше 3 лет назад
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
EPSS
Процентиль: 35%
0.00143
Низкий
3.7 Low
CVSS3
6.3 Medium
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-1236