CVE-2023-26210

Q: What is the severity of CVE-2023-26210?

CVE-2023-26210 has a CVSS score of 7.8 (HIGH). This CVE describes OS command injection vulnerabilities in Fortinet products that allow local authenticated attackers to execute arbitrary shell commands with root privileges via crafted CLI requests. This affects Fortinet devices where attackers have local authenticated access. The vulnerability enables complete system compromise.

7.8 HIGH

Remote Code Execution

📋 TL;DR

This CVE describes OS command injection vulnerabilities in Fortinet products that allow local authenticated attackers to execute arbitrary shell commands with root privileges via crafted CLI requests. This affects Fortinet devices where attackers have local authenticated access. The vulnerability enables complete system compromise.

💻 Affected Systems

Products:

Fortinet FortiOS
Fortinet FortiProxy
Fortinet FortiSwitchManager

Versions: Multiple versions - see vendor advisory for specific affected versions

Operating Systems: FortiOS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local authenticated access to the CLI interface. Affects devices running vulnerable versions regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with root privileges, allowing installation of persistent backdoors, data exfiltration, and lateral movement across the network.

🟠

Likely Case

Privilege escalation from authenticated user to root, enabling attackers to modify configurations, disable security controls, and maintain persistence.

🟢

If Mitigated

Limited impact if proper access controls restrict CLI access to trusted administrators only.

🌐 Internet-Facing: MEDIUM - While exploitation requires local authentication, internet-facing devices could be targeted if attackers gain initial access through other means.

🏢 Internal Only: HIGH - Internal attackers with authenticated access can exploit this to gain root privileges and compromise the entire device.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated CLI access but is straightforward once access is obtained. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple fixed versions - see vendor advisory for specific fixes

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-076

Restart Required: Yes

Instructions:

1. Check current FortiOS/FortiProxy/FortiSwitchManager version. 2. Review FG-IR-23-076 advisory for affected versions. 3. Upgrade to recommended fixed version. 4. Reboot device after upgrade. 5. Verify fix is applied.

🔧 Temporary Workarounds

Restrict CLI Access

all

Limit CLI access to trusted administrators only using access control lists and authentication mechanisms.

config system admin
edit <admin_user>
set trusthost1 <trusted_ip> <mask>
end

Enable Command Logging

all

Enable detailed logging of CLI commands to detect suspicious activity.

config log setting
set cli-audit-log enable
end

🧯 If You Can't Patch

Implement strict access controls to limit CLI access to minimum necessary personnel
Monitor CLI command logs for suspicious activity and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check FortiOS version with 'get system status' and compare against affected versions in FG-IR-23-076 advisory.

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is updated to fixed version listed in vendor advisory and test CLI command injection attempts.

📡 Detection & Monitoring

Log Indicators:

Unusual CLI command patterns
Multiple failed authentication attempts followed by successful CLI access
Commands with shell metacharacters or unusual parameters

Network Indicators:

Unusual SSH/Telnet connections to management interfaces
Traffic patterns indicating command execution

SIEM Query:

source="fortigate" AND (event_type="cli" AND command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*")

📊 Metadata

CVE ID: CVE-2023-26210

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: June 13, 2023

Last Updated: January 14, 2026

🔗 References

https://fortiguard.com/psirt/FG-IR-23-076 Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-076 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

Fortiadc Manager by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict CLI Access

Enable Command Logging

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities