Vulnerability-Lookup

CVE-2023-26210 (GCVE-0-2023-26210)

Vulnerability from cvelistv5 – Published: 2023-06-13 08:41 – Updated: 2026-01-14 14:15

Summary

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C

CWE

CWE-78 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-23-076

Impacted products

Vendor

Product

Version

Fortinet

FortiADC

Affected: 7.2.0
Affected: 7.1.0 , ≤ 7.1.1 (semver)
Affected: 7.0.0 , ≤ 7.0.6 (semver)
Affected: 6.2.0 , ≤ 6.2.6 (semver)
Affected: 6.1.0 , ≤ 6.1.6 (semver)
Affected: 6.0.0 , ≤ 6.0.4 (semver)
Affected: 5.4.0 , ≤ 5.4.5 (semver)
Affected: 5.3.0 , ≤ 5.3.7 (semver)
Affected: 5.2.0 , ≤ 5.2.8 (semver)
    cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*

Fortinet

FortiADCManager

Affected: 7.1.0
Affected: 7.0.0
Affected: 6.2.0 , ≤ 6.2.1 (semver)
Affected: 6.1.0
Affected: 6.0.0
Affected: 5.4.0
Affected: 5.3.0
Affected: 5.2.0 , ≤ 5.2.1 (semver)
    cpe:2.3:h:fortinet:fortiadcmanager:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:h:fortinet:fortiadcmanager:5.2.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:46:23.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-076",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-076"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-26210",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:10:55.831517Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T14:26:13.951Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.6",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.5",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.7",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.8",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:h:fortinet:fortiadcmanager:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:h:fortinet:fortiadcmanager:5.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiADCManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "6.2.1",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "6.1.0"
            },
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "status": "affected",
              "version": "5.4.0"
            },
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "lessThanOrEqual": "5.2.1",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] vulnerability in Fortinet  allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T14:15:28.898Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-076",
          "url": "https://fortiguard.com/psirt/FG-IR-23-076"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiADC version 7.2.1 or above\nPlease upgrade to FortiADC version 7.1.3 or above\nPlease upgrade to FortiADCManager version 7.2.0 or above\nPlease upgrade to FortiADCManager version 7.1.1 or above\nPlease upgrade to FortiADCManager version 7.0.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-26210",
    "datePublished": "2023-06-13T08:41:46.873Z",
    "dateReserved": "2023-02-20T15:09:20.637Z",
    "dateUpdated": "2026-01-14T14:15:28.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2.0\", \"versionEndIncluding\": \"5.2.8\", \"matchCriteriaId\": \"6B546C4E-F9AF-4514-B5A9-BD29A1FE663E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.3.0\", \"versionEndIncluding\": \"5.3.7\", \"matchCriteriaId\": \"A3EEDDB2-61AC-43F4-9719-3548057EF30E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4.0\", \"versionEndIncluding\": \"5.4.5\", \"matchCriteriaId\": \"54EBC78D-0358-474F-9654-3EF9950D563B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.0.4\", \"matchCriteriaId\": \"3ADB57D8-1ABE-4401-B1B0-4640A34C555A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0\", \"versionEndIncluding\": \"6.1.6\", \"matchCriteriaId\": \"D31CF79E-6C56-4CD0-9DD2-FBB48D503786\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndIncluding\": \"6.2.6\", \"matchCriteriaId\": \"F5275C5C-B6FD-4456-B143-ECDD282150C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.5\", \"matchCriteriaId\": \"302D8FF0-69B6-451A-9B5B-E28B2FAA30D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B35D8D53-448B-474C-B7CB-324CB4ED7A82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"933701AE-43E3-4260-973B-4EA09C375965\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F3029D7-4C37-4468-9CCD-45C7259EFF2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74B0A112-AA30-4D11-8F36-3DC8A2EBCA16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:5.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAA5FB00-FC3E-4777-BD9A-734987027551\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E41C15C-0F00-489B-A613-8ACEB42AB0E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:5.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"748AC964-D839-4C52-A66E-0BAA4AE01FF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE35CDD0-DFA3-47C9-BC7A-A96DC56104AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF5202B6-3CD2-4D7E-8344-6A89B79B2311\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F621087C-9173-4CB9-B3CA-303AD0DEBFD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"030BA301-8A64-46AB-990D-24BCDFCDE4E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:6.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"692AC209-F327-4746-933B-002601232B42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4CC6A0A-A3AB-443A-880A-608FC9598D50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiadc_manager:7.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9435E543-D4A4-416E-A8A7-CE45868E1F82\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.\"}]",
      "id": "CVE-2023-26210",
      "lastModified": "2024-11-21T07:50:55.397",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-06-13T09:15:16.510",
      "references": "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-076\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-23-076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-26210\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2023-06-13T09:15:16.510\",\"lastModified\":\"2026-01-14T15:15:53.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] vulnerability in Fortinet  allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.0\",\"versionEndIncluding\":\"5.2.8\",\"matchCriteriaId\":\"6B546C4E-F9AF-4514-B5A9-BD29A1FE663E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.0\",\"versionEndIncluding\":\"5.3.7\",\"matchCriteriaId\":\"A3EEDDB2-61AC-43F4-9719-3548057EF30E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.0\",\"versionEndIncluding\":\"5.4.5\",\"matchCriteriaId\":\"54EBC78D-0358-474F-9654-3EF9950D563B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.4\",\"matchCriteriaId\":\"3ADB57D8-1ABE-4401-B1B0-4640A34C555A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndIncluding\":\"6.1.6\",\"matchCriteriaId\":\"D31CF79E-6C56-4CD0-9DD2-FBB48D503786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndIncluding\":\"6.2.6\",\"matchCriteriaId\":\"F5275C5C-B6FD-4456-B143-ECDD282150C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.5\",\"matchCriteriaId\":\"302D8FF0-69B6-451A-9B5B-E28B2FAA30D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B35D8D53-448B-474C-B7CB-324CB4ED7A82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"933701AE-43E3-4260-973B-4EA09C375965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F3029D7-4C37-4468-9CCD-45C7259EFF2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74B0A112-AA30-4D11-8F36-3DC8A2EBCA16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAA5FB00-FC3E-4777-BD9A-734987027551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E41C15C-0F00-489B-A613-8ACEB42AB0E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"748AC964-D839-4C52-A66E-0BAA4AE01FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE35CDD0-DFA3-47C9-BC7A-A96DC56104AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF5202B6-3CD2-4D7E-8344-6A89B79B2311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F621087C-9173-4CB9-B3CA-303AD0DEBFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"030BA301-8A64-46AB-990D-24BCDFCDE4E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"692AC209-F327-4746-933B-002601232B42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4CC6A0A-A3AB-443A-880A-608FC9598D50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiadc_manager:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9435E543-D4A4-416E-A8A7-CE45868E1F82\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-076\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-076\", \"name\": \"https://fortiguard.com/psirt/FG-IR-23-076\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:46:23.415Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-26210\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T14:10:55.831517Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T14:14:38.085Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiADC\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\"}, {\"status\": \"affected\", \"version\": \"7.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.1.1\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.6\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.6\"}, {\"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.6\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.4\"}, {\"status\": \"affected\", \"version\": \"5.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.5\"}, {\"status\": \"affected\", \"version\": \"5.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.3.7\"}, {\"status\": \"affected\", \"version\": \"5.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.2.8\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:h:fortinet:fortiadcmanager:7.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:6.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:6.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:6.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:5.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:5.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:5.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:h:fortinet:fortiadcmanager:5.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiADCManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.1.0\"}, {\"status\": \"affected\", \"version\": \"7.0.0\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.1\"}, {\"status\": \"affected\", \"version\": \"6.1.0\"}, {\"status\": \"affected\", \"version\": \"6.0.0\"}, {\"status\": \"affected\", \"version\": \"5.4.0\"}, {\"status\": \"affected\", \"version\": \"5.3.0\"}, {\"status\": \"affected\", \"version\": \"5.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.2.1\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiADC version 7.2.1 or above\\nPlease upgrade to FortiADC version 7.1.3 or above\\nPlease upgrade to FortiADCManager version 7.2.0 or above\\nPlease upgrade to FortiADCManager version 7.1.1 or above\\nPlease upgrade to FortiADCManager version 7.0.1 or above\"}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-076\", \"name\": \"https://fortiguard.com/psirt/FG-IR-23-076\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] vulnerability in Fortinet  allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2026-01-14T14:15:28.898Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-26210\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-14T14:15:28.898Z\", \"dateReserved\": \"2023-02-20T15:09:20.637Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2023-06-13T08:41:46.873Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2023-AVI-0451

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.10
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.0.0
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiConverter versions 6.x antérieures à 6.2.2
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.1.x antérieures à 9.1.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.12
Fortinet	N/A	FortiADCManager versions 5.x à 7.0.x antérieures à 7.0.1
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.8
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.3
Fortinet	FortiOS	FortiOS versions 6.x à 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.12
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 6.4.x antérieures à 6.4.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiConverter versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS-6K7K versions 6.0.x antérieures à 6.0.17
Fortinet	FortiNAC	FortiNAC-F versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.15
Fortinet	FortiWeb	FortiWeb versions 6.x à 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.2
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 5.x à 7.1.x antérieures à 7.1.3
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiADCManager versions antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-380 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-076 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-494 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-21-141 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-111 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-521 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-229 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-125 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-097 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-107 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-259 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-468 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-258 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-095 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-463 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-119 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-393 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-375 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-455 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-493 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-332 du 12 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 6.x ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.0.x ant\u00e9rieures \u00e0 6.0.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x \u00e0 7.1.x ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.0.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25609"
    },
    {
      "name": "CVE-2023-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22633"
    },
    {
      "name": "CVE-2022-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39946"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2022-42478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42478"
    },
    {
      "name": "CVE-2022-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33877"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-26210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26210"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2022-43949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43949"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2023-26204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26204"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-28000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28000"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0451",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-380 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-380"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-076 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-076"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-494 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-21-141 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-111 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-111"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-521 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-521"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-229 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-229"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-125 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-097 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-097"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-107 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-107"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-259 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-259"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-468 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-468"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-258 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-095 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-095"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-463 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-463"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-119 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-393 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-393"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-375 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-375"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-455 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-493 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-332 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-332"
    }
  ]
}

CERTFR-2023-AVI-0451

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.10
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.0.0
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiConverter versions 6.x antérieures à 6.2.2
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.1.x antérieures à 9.1.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.12
Fortinet	N/A	FortiADCManager versions 5.x à 7.0.x antérieures à 7.0.1
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.8
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.3
Fortinet	FortiOS	FortiOS versions 6.x à 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.12
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 6.4.x antérieures à 6.4.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiConverter versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS-6K7K versions 6.0.x antérieures à 6.0.17
Fortinet	FortiNAC	FortiNAC-F versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.15
Fortinet	FortiWeb	FortiWeb versions 6.x à 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.2
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 5.x à 7.1.x antérieures à 7.1.3
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiADCManager versions antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-380 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-076 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-494 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-21-141 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-111 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-521 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-229 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-125 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-097 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-107 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-259 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-468 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-258 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-095 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-463 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-119 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-393 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-375 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-455 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-493 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-332 du 12 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 6.x ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.0.x ant\u00e9rieures \u00e0 6.0.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x \u00e0 7.1.x ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.0.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25609"
    },
    {
      "name": "CVE-2023-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22633"
    },
    {
      "name": "CVE-2022-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39946"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2022-42478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42478"
    },
    {
      "name": "CVE-2022-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33877"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-26210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26210"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2022-43949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43949"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2023-26204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26204"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-28000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28000"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0451",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-380 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-380"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-076 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-076"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-494 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-21-141 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-111 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-111"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-521 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-521"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-229 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-229"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-125 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-097 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-097"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-107 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-107"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-259 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-259"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-468 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-468"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-258 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-095 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-095"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-463 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-463"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-119 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-393 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-393"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-375 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-375"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-455 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-493 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-332 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-332"
    }
  ]
}

GSD-2023-26210

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

Aliases

CVE-2023-26210

Aliases

CVE-2023-26210

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-26210",
    "id": "GSD-2023-26210"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-26210"
      ],
      "details": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.",
      "id": "GSD-2023-26210",
      "modified": "2023-12-13T01:20:53.977380Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2023-26210",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FortiADCManager",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.1.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.0.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.2.0",
                          "version_value": "6.2.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.1.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "6.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "5.4.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "5.3.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "5.2.0",
                          "version_value": "5.2.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "FortiADC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.2.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "7.1.0",
                          "version_value": "7.1.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "7.0.0",
                          "version_value": "7.0.5"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.2.0",
                          "version_value": "6.2.6"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.1.0",
                          "version_value": "6.1.6"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.0.0",
                          "version_value": "6.0.4"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "5.4.0",
                          "version_value": "5.4.5"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "5.3.0",
                          "version_value": "5.3.7"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_name": "5.2.0",
                          "version_value": "5.2.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-78",
                "lang": "eng",
                "value": "Execute unauthorized code or commands"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-076",
            "refsource": "MISC",
            "url": "https://fortiguard.com/psirt/FG-IR-23-076"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiADC version 7.2.1 or above\r\nPlease upgrade to FortiADC version 7.1.3 or above\r\nPlease upgrade to FortiADCManager version 7.2.0 or above\r\nPlease upgrade to FortiADCManager version 7.1.1 or above\r\nPlease upgrade to FortiADCManager version 7.0.1 or above"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.4",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.6",
                "versionStartIncluding": "6.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.5",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.7",
                "versionStartIncluding": "5.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.8",
                "versionStartIncluding": "5.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.6",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.5",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc_manager:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2023-26210"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-076",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-23-076"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-16T19:39Z",
      "publishedDate": "2023-06-13T09:15Z"
    }
  }
}

FKIE_CVE-2023-26210

Vulnerability from fkie_nvd - Published: 2023-06-13 09:15 - Updated: 2026-01-14 15:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-23-076	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-23-076	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	*
fortinet	fortiadc	7.1.0
fortinet	fortiadc	7.1.1
fortinet	fortiadc	7.1.2
fortinet	fortiadc	7.2.0
fortinet	fortiadc_manager	5.2.0
fortinet	fortiadc_manager	5.2.1
fortinet	fortiadc_manager	5.3.0
fortinet	fortiadc_manager	5.4.0
fortinet	fortiadc_manager	6.0.0
fortinet	fortiadc_manager	6.1.0
fortinet	fortiadc_manager	6.2.0
fortinet	fortiadc_manager	6.2.1
fortinet	fortiadc_manager	7.0.0
fortinet	fortiadc_manager	7.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B546C4E-F9AF-4514-B5A9-BD29A1FE663E",
              "versionEndIncluding": "5.2.8",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EEDDB2-61AC-43F4-9719-3548057EF30E",
              "versionEndIncluding": "5.3.7",
              "versionStartIncluding": "5.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EBC78D-0358-474F-9654-3EF9950D563B",
              "versionEndIncluding": "5.4.5",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ADB57D8-1ABE-4401-B1B0-4640A34C555A",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31CF79E-6C56-4CD0-9DD2-FBB48D503786",
              "versionEndIncluding": "6.1.6",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5275C5C-B6FD-4456-B143-ECDD282150C4",
              "versionEndIncluding": "6.2.6",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "302D8FF0-69B6-451A-9B5B-E28B2FAA30D8",
              "versionEndIncluding": "7.0.5",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "933701AE-43E3-4260-973B-4EA09C375965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3029D7-4C37-4468-9CCD-45C7259EFF2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B0A112-AA30-4D11-8F36-3DC8A2EBCA16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA5FB00-FC3E-4777-BD9A-734987027551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E41C15C-0F00-489B-A613-8ACEB42AB0E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "748AC964-D839-4C52-A66E-0BAA4AE01FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE35CDD0-DFA3-47C9-BC7A-A96DC56104AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5202B6-3CD2-4D7E-8344-6A89B79B2311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F621087C-9173-4CB9-B3CA-303AD0DEBFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "030BA301-8A64-46AB-990D-24BCDFCDE4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "692AC209-F327-4746-933B-002601232B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4CC6A0A-A3AB-443A-880A-608FC9598D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiadc_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9435E543-D4A4-416E-A8A7-CE45868E1F82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] vulnerability in Fortinet  allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
    }
  ],
  "id": "CVE-2023-26210",
  "lastModified": "2026-01-14T15:15:53.513",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-13T09:15:16.510",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-23-076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-23-076"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MHR4-7GPQ-RJPW

Vulnerability from github – Published: 2023-06-13 09:30 – Updated: 2024-04-04 04:45

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-26210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T09:15:16Z",
    "severity": "HIGH"
  },
  "details": "Multiple improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.",
  "id": "GHSA-mhr4-7gpq-rjpw",
  "modified": "2024-04-04T04:45:39Z",
  "published": "2023-06-13T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26210"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-23-076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-26210 (GCVE-0-2023-26210)

CERTFR-2023-AVI-0451

Solution

CERTFR-2023-AVI-0451

Solution

GSD-2023-26210

FKIE_CVE-2023-26210

GHSA-MHR4-7GPQ-RJPW

Tags

Sightings

Nomenclature