CVE-2022-40679
published 2023-04-11


Severity: High, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Affected

37 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiadc | | |
| fortinet | fortiadc | | |
| fortinet | fortiadc | >= 5.0.0 < 6.2.5 | 6.2.5 |
| fortinet | fortiadc | 5.0.0 – 5.0.4 | |
| fortinet | fortiadc | 5.1.0 – 5.1.7 | |
| fortinet | fortiadc | 5.2.0 – 5.2.8 | |
| fortinet | fortiadc | 5.3.0 – 5.3.7 | |
| fortinet | fortiadc | 5.4.0 – 5.4.5 | |
| fortinet | fortiadc | 6.0.0 – 6.0.4 | |
| fortinet | fortiadc | 6.1.0 – 6.1.6 | |
| fortinet | fortiadc | 6.2.0 – 6.2.4 | |
| fortinet | fortiadc | 7.0.0 – 7.0.3 | |
| fortinet | fortiddos | | |
| fortinet | fortiddos | | |
| fortinet | fortiddos | | |
| fortinet | fortiddos | | |
| fortinet | fortiddos | | |
| fortinet | fortiddos | | |
| fortinet | fortiddos | | |
| fortinet | fortiddos | >= 4.0.0 < 5.7.0 | 5.7.0 |
| fortinet | fortiddos | 4.0.0 – 4.0.1 | |
| fortinet | fortiddos | 4.1.1 – 4.1.12 | |
| fortinet | fortiddos | 4.2.1 – 4.2.2 | |
| fortinet | fortiddos | 4.3.0 – 4.3.2 | |
| fortinet | fortiddos | 4.4.0 – 4.4.2 | |