CVE-2022-33872

CWE-78OS Command Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
4.0%
top 11.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortitesterFortinet Fortinet Fortitester
Timeline
PublishedOct 18

Description

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortitester2.3.03.9.2+2
CVEListV5fortinet/fortinet_fortitesterFortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

🔴Vulnerability Details

2
GHSA
GHSA-rw2w-6ffj-xj69: An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of F2022-10-18
CVEList
CVE-2022-33872: An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of F2022-10-10

📋Vendor Advisories

1
Fortinet
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] i...2022-10-18
CVE-2022-33872 (CRITICAL CVSS 9.8) | An improper neutralization of speci | cvebase.io