CVE-2022-27482

Summary

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.0.0 <= 7.0.2affected
FortinetFortiADC6.2.0 <= 6.2.2affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected
FortinetFortiADC5.4.0 <= 5.4.5affected
FortinetFortiADC5.3.0 <= 5.3.7affected
FortinetFortiADC5.2.0 <= 5.2.8affected
FortinetFortiADC5.1.0 <= 5.1.7affected
FortinetFortiADC5.0.0 <= 5.0.4affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References