An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
https://fortiguard.com/psirt/FG-IR-23-169
Source: Mitre, NVD
Published: 2023-10-10
Updated: 2026-06-17
Base Score: 6.2
Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C
Severity: Medium
Base Score: 7.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Severity: High
EPSS: 0.00171