Vulnerability Details | |
---|---|
Severity | High |
Reported | 16 Oct 2021 |
Reported by | Nam (aka m3) from ECQ |
Fixed | 28-Oct-2021 |
Affected Builds | → Builds 125458 to 125472 → Builds 125456 and below |
Fixed in | → Build 125457 → Build 125473 |
Overview | There was a command injection vulnerability in the ipaddress/hostname field of the ping functionality. This vulnerability is specific to the configuration management module only. |
Recommended Fix |
→ For builds below 125456, please upgrade to version 125457 here. → For builds 125458 to 125472 and please upgrade to the version 125473 here. |
Earlier, there was a Remote Code Execution (RCE) vulnerability in the Ping functionality. This issue has been fixed now.
We recommend that you upgrade to the latest version of Firewall Analyzer or contact our support team at fwa-support@manageengine.com to fix this issue.
Source and Acknowledgements
Find out more about CVE-2021-43319 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at fwa-support@manageengine.com.