{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T05:07:53.792","vulnerabilities":[{"cve":{"id":"CVE-2021-43075","sourceIdentifier":"psirt@fortinet.com","published":"2022-03-01T19:15:08.480","lastModified":"2024-11-21T06:28:38.870","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers."},{"lang":"es","value":"Una neutralización inapropiada de los elementos especiales usados en un comando os (\"inyección de comando del sistema operativo\") en Fortinet FortiWLM versiones 8.6.2 y anteriores, versiones 8.5.2 y anteriores, versiones 8.4.2 y anteriores, versiones 8.3.2 y anteriores, permite al atacante ejecutar código o comandos no autorizados por medio de peticiones HTTP diseñadas a manejadores del tablero de alarmas y de la configuración del controlador."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*","versionEndIncluding":"8.3.2","matchCriteriaId":"2C156442-9A85-45E0-8380-D4B7C6865343"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0","versionEndIncluding":"8.4.2","matchCriteriaId":"6C20F8E9-D7F3-41A0-AAEF-5F176E85BF1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndIncluding":"8.5.2","matchCriteriaId":"F1790F20-7DF7-46F4-9FC6-8B074CD0ED4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*","versionStartIncluding":"8.6.0","versionEndExcluding":"8.6.3","matchCriteriaId":"9986AB2E-6FFB-4DC1-8DE7-98B66AFD362E"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-128","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-128","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}