CVE-2022-33873

CWE-78OS Command Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
21.6%
top 4.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortitesterFortinet Fortinet Fortitester
Timeline
PublishedOct 18

Description

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortitester2.3.03.9.2+2
CVEListV5fortinet/fortinet_fortitesterFortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

🔴Vulnerability Details

2
GHSA
GHSA-pgv3-vv3g-qp7g: An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of2022-10-18
CVEList
CVE-2022-33873: An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of2022-10-10

📋Vendor Advisories

1
Fortinet
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] i...2022-10-18
CVE-2022-33873 (CRITICAL CVSS 9.8) | An improper neutralization of speci | cvebase.io