CVE-2022-29061

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

2.9%

top 13.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisoar Fortinet Fortinet Fortisoar

Timeline

PublishedSep 9

Latest updateSep 10

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortisoar7.0.0 — 7.0.3+2

▶CVEListV5fortinet/fortinet_fortisoarFortiSOAR 7.2.0, 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1

🔴Vulnerability Details

GHSA

GHSA-33f9-4h6q-m86q: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7↗2022-09-10

▶

CVEList

CVE-2022-29061: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7↗2022-09-09

▶

📋Vendor Advisories

Fortinet

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in...↗2022-09-09

▶