CVE-2022-40677

CWE-88, 4 documents, 4 sources

Severity: 8.8 HIGH
EPSS: 1.0% (top 23.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 16

Description

An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: fortinet/fortinac, 9.2.0 through 9.2.5 (+7)
NVD: fortinet/fortinac, 8.5.0 through 8.5.4 (+7)

Patches

🔴 Vulnerability Details (2)

CVEList: CVE-2022-40677: An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9 (2023-02-16)
GHSA: GHSA-jrrp-wvgf-hmfr: An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9 (2023-02-16)

📋 Vendor Advisories (1)

Fortinet: An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0... (2023-02-16)