CVE-2021-24016
Published: 30 September 2021
Summary
CVE-2021-24016 is a low-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Fortinet Fortimanager. Its CVSS base score is 3.7 (Low).
Operationally, ranked at the 34.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-10936
Vulnerability details
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened…
more
unsafely on the victim host.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.