CVE-2022-27489
published 2023-02-16CVE-2022-27489: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiextender | — | — |
| fortinet | fortiextender | — | — |
| fortinet | fortiextender | 3.0.0 – 3.0.2 | — |
| fortinet | fortiextender | 3.1.0 – 3.1.2 | — |
| fortinet | fortiextender | 3.2.1 – 3.2.3 | — |
| fortinet | fortiextender | 3.3.0 – 3.3.2 | — |
| fortinet | fortiextender | 4.0.0 – 4.0.2 | — |
| fortinet | fortiextender | 4.1.1 – 4.1.8 | — |
| fortinet | fortiextender | 4.2.0 – 4.2.4 | — |
| fortinet | fortiextender | 7.0.0 – 7.0.3 | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | >= 3.2.1 < 3.2.4 | 3.2.4 |
| fortinet | fortiextender_firmware | >= 3.3.0 < 3.3.3 | 3.3.3 |
| fortinet | fortiextender_firmware | >= 4.1.1 < 4.1.9 | 4.1.9 |
| fortinet | fortiextender_firmware | >= 4.2.0 < 4.2.5 | 4.2.5 |
| fortinet | fortiextender_firmware | >= 7.0.0 < 7.0.4 | 7.0.4 |
| fortinet | fortiextenderfirmware | — | — |
| fortinet | fortinet | — | — |