CVE-2021-43075: 
FortiWLM vulnerability analysis and mitigation

A command injection vulnerability (CVE-2021-43075) was identified in Fortinet FortiWLM affecting versions 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, and 8.3.2 and below. The vulnerability allows attackers to execute unauthorized code or commands through crafted HTTP requests targeting the alarm dashboard and controller config handlers (NVD).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) with a CVSS v3.1 Base Score of 8.8 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is unchanged (S:U) with high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) (NVD).

If successfully exploited, this vulnerability allows attackers to execute unauthorized code or commands on the affected systems, potentially leading to complete system compromise. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability (NVD).

Fortinet has addressed this vulnerability in updated versions of FortiWLM. Users are advised to upgrade to versions newer than 8.6.2, 8.5.2, 8.4.2, and 8.3.2 respectively (Vendor Advisory).