CVE-2022-27482 — OS Command Injection in Fortinet FortiADC
Severity
7.8 HIGH (NVD)
EPSS
0.6%
top 30.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Feb 16
Description
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC versions 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as `root` via CLI commands.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages
2 packages
Vulnerability Details (2)
GHSA
GHSA-m6q6-w5rh-w74g (2023-02-16): An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7...
CVEList
CVE-2022-27482 (2023-02-16): An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7...
Vendor Advisories (1)
Fortinet
2023-02-16: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC versio...