CVE-2019-15710

{"id": "CVE-2019-15710", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2019-10-31T20:15:11.100", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-273", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/psirt/FG-IR-19-273", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos de Sistema Operativo en FortiExtender versi\u00f3n 4.1.0 a 4.1.1, versi\u00f3n 4.0.0 y anteriores en la consola de administraci\u00f3n de la CLI puede permitir que administradores no autorizados ejecuten comandos arbitrarios a nivel del sistema por medio de comandos de \"execute date\" especialmente dise\u00f1ados."}], "lastModified": "2024-11-21T04:29:18.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortiguard:fortiextender_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93E3F6EC-6DDB-48F3-AC58-801B6AFC6E0E", "versionEndIncluding": "4.1.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fortiguard:fortiextender:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E7AA5432-CDD1-4038-8B21-0ACD29EC73A6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@fortinet.com"}