{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T20:00:09.710","vulnerabilities":[{"cve":{"id":"CVE-2021-43073","sourceIdentifier":"psirt@fortinet.com","published":"2022-02-02T11:15:07.937","lastModified":"2024-11-21T06:28:38.633","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests."},{"lang":"es","value":"Una neutralización inapropiada de los elementos especiales usados en un comando os (\"os command injection\") en Fortinet FortiWeb versiones 6.4.1 y 6.4.0, versiones 6.3.15 y anteriores, versiones 6.2.6 y anteriores, permite a un atacante ejecutar código o comandos no autorizados por medio de peticiones HTTP diseñadas"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"6.2.7","matchCriteriaId":"4FC69DE9-BDC7-479A-B1D6-8C440CEF07A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.17","matchCriteriaId":"0B1B7CFD-96E5-40EA-9CBC-48D0255081BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.2","matchCriteriaId":"C97F7E3F-4747-46AA-8D2C-5D7C363CDB14"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-180","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-180","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}