An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-20-190 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-09-30T15:18:38
Updated: 2024-08-03T19:14:10.057Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-24016
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-30T16:15:07.350
Modified: 2021-10-08T03:22:19.737
Link: CVE-2021-24016
Redhat
No data.