{"containers": {"cna": {"affected": [{"product": "FortiExtender", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "4.1.0 to 4.1.1"}, {"status": "affected", "version": "4.0.0 and below"}]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands."}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-04T18:51:39.000Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/psirt/FG-IR-19-273"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-15710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FortiExtender", "version": {"version_data": [{"version_value": "4.1.0 to 4.1.1"}, {"version_value": "4.0.0 and below"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/psirt/FG-IR-19-273", "refsource": "CONFIRM", "url": "https://fortiguard.com/psirt/FG-IR-19-273"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:56:22.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/psirt/FG-IR-19-273"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T20:03:49.759787Z", "id": "CVE-2019-15710", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:28:08.293Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-15710", "datePublished": "2019-10-31T19:26:14.000Z", "dateReserved": "2019-08-27T00:00:00.000Z", "dateUpdated": "2024-10-25T14:28:08.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-273", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:56:22.396Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-15710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-24T20:03:49.759787Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:17:29.122Z"}}], "cna": {"affected": [{"vendor": "Fortinet", "product": "FortiExtender", "versions": [{"status": "affected", "version": "4.1.0 to 4.1.1"}, {"status": "affected", "version": "4.0.0 and below"}]}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-19-273", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2019-11-04T18:51:39.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.1.0 to 4.1.1"}, {"version_value": "4.0.0 and below"}]}, "product_name": "FortiExtender"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/psirt/FG-IR-19-273", "name": "https://fortiguard.com/psirt/FG-IR-19-273", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-15710", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-15710", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:28:08.293Z", "dateReserved": "2019-08-27T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2019-10-31T19:26:14.000Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortiguard:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "93E3F6EC-6DDB-48F3-AC58-801B6AFC6E0E", "versionEndIncluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortiguard:fortiextender:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7AA5432-CDD1-4038-8B21-0ACD29EC73A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted \"execute date\" commands."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos de Sistema Operativo en FortiExtender versi\u00f3n 4.1.0 a 4.1.1, versi\u00f3n 4.0.0 y anteriores en la consola de administraci\u00f3n de la CLI puede permitir que administradores no autorizados ejecuten comandos arbitrarios a nivel del sistema por medio de comandos de \"execute date\" especialmente dise\u00f1ados."}], "id": "CVE-2019-15710", "lastModified": "2024-11-21T04:29:18.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-31T20:15:11.100", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-19-273"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}