CVE-2017-7341 - Vulnerability Details - OpenCVE

An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fortinet	Fortiwlc

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiwlc::::::::
	cpe:2.3:a:fortinet:fortiwlc::::::::
	cpe:2.3:a:fortinet:fortiwlc::::::::
	cpe:2.3:a:fortinet:fortiwlc::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101273
https://fortiguard.com/psirt/FG-IR-17-119

History

Fri, 25 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2017-10-26T13:00:00

Updated: 2024-10-25T14:33:30.845Z

Reserved: 2017-03-30T00:00:00

Link: CVE-2017-7341

Vulnrichment

Updated: 2024-08-05T15:56:36.482Z

NVD

Status : Deferred

Published: 2017-10-26T13:29:00.370

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-7341

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-27T09:57:01", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/psirt/FG-IR-17-119"}, {"name": "101273", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101273"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2017-7341", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-17-119", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-17-119"}, {"name": "101273", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101273"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:36.482Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-17-119"}, {"name": "101273", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101273"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T20:04:08.221212Z", "id": "CVE-2017-7341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:33:30.845Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2017-7341", "datePublished": "2017-10-26T13:00:00", "dateReserved": "2017-03-30T00:00:00", "dateUpdated": "2024-10-25T14:33:30.845Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-17-119", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/101273", "name": "101273", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:36.482Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-7341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-24T20:04:08.221212Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:18:40.153Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-13T00:00:00", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-17-119", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/101273", "name": "101273", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2017-10-27T09:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-17-119", "name": "https://fortiguard.com/psirt/FG-IR-17-119", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/101273", "name": "101273", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-7341", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2017-7341", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:33:30.845Z", "dateReserved": "2017-03-30T00:00:00", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2017-10-26T13:00:00", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "32B5AEE4-D578-49CB-82B8-BB234EC09F82", "versionEndIncluding": "6.1-5", "versionStartIncluding": "6.1-2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "C743E7EB-4C55-482D-B39A-51EF4E1AF19E", "versionEndIncluding": "7.0-10", "versionStartIncluding": "7.0-7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "6413A393-8FFC-46BC-92F1-DEA776815122", "versionEndIncluding": "8.2", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "5210AB0C-6778-42D9-8353-ABD2E4C1C2AB", "versionEndIncluding": "8.3.2", "versionStartIncluding": "8.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos de sistema operativo en la interfaz de usuario web para la descarga de scripts en el punto de acceso al gestor de archivo ene Fortinet FortiWLC, desde la versi\u00f3n 6.1-2 hasta la 6.1-5, desde la 7.0-7 hasta la 7.0-10, la 8.0 hasta la 8.2 y la 8.3.0 hasta la 8.3.2 permite que un usuario administrador autenticado ejecute comandos arbitrarios de la consola del sistema mediante peticiones HTTP manipuladas."}], "id": "CVE-2017-7341", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-26T13:29:00.370", "references": [{"source": "psirt@fortinet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101273"}, {"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-17-119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-17-119"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}