CVE-2022-35844

CVE Database · CVE-2022-35844

CVE-2022-35844

· MEDIUMModified

CVSS v3.1

6.7

EPSS

0.29%

Published

Oct 18, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (3)

fortinet · fortitester (up to 3.9.2)vulnerable

fortinet · fortitester (up to 4.2.1)vulnerable

fortinet · fortitester (up to 7.1.1)vulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-247

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-247

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs