CVE-2022-35844
Severity
7.2HIGH
EPSS
0.3%
top 43.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Description
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages2 packages
▶CVEListV5fortinet/fortinet_fortitesterFortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0
🔴Vulnerability Details
2GHSA▶
GHSA-26rv-f7p7-57xj: An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2↗2022-10-18
CVEList▶
CVE-2022-35844: An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2↗2022-10-10
📋Vendor Advisories
1Fortinet▶
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface...↗2022-10-18