Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-35845

Published: 03/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Fortitester

Vulnerability Summary

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 up to and including 4.2.0, 2.3.0 up to and including 3.9.1 may allow an authenticated malicious user to execute arbitrary commands in the underlying shell.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fortinet fortitester

fortinet fortitester 7.0.0

fortinet fortitester 7.1.0

fortinet fortitester 4.0.0

fortinet fortitester 4.1.0

fortinet fortitester 4.1.1

fortinet fortitester 4.2.0

Vendor Advisories

Fortinet Security Advisories: FortiTester - Multiple command injection vulnerabilities in GUI and API
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell ...

References

CWE-78https://fortiguard.com/psirt/FG-IR-22-274https://nvd.nist.govhttps://fortiguard.com/psirt/FG-IR-22-274
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook