CVE-2022-35845: Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	—	—
fortinet	fortitester	2.3.0 – 3.9.1	—
fortinet	fortitester	2.4.0 – 2.4.1	—
fortinet	fortitester	3.3.0 – 3.3.1	—
fortinet	fortitester	3.5.0 – 3.5.1	—
fortinet	fortitester	3.7.0 – 3.7.1	—
fortinet	fortitester	3.9.0 – 3.9.1	—