CVE-2022-22298

Summary

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiIsolator2.3.0 <= 2.3.3affected
FortinetFortiIsolator2.2.0affected
FortinetFortiIsolator2.1.0 <= 2.1.2affected
FortinetFortiIsolator2.0.0 <= 2.0.1affected
FortinetFortiIsolator1.2.0 <= 1.2.2affected
FortinetFortiIsolator1.1.0affected
FortinetFortiIsolator1.0.0affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References