CVE-2022-35845

Summary

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiTester7.1.0affected
FortinetFortiTester7.0.0affected
FortinetFortiTester4.2.0affected
FortinetFortiTester4.1.0 <= 4.1.1affected
FortinetFortiTester4.0.0affected
FortinetFortiTester3.9.0 <= 3.9.1affected
FortinetFortiTester3.8.0affected
FortinetFortiTester3.7.0 <= 3.7.1affected
FortinetFortiTester3.6.0affected
FortinetFortiTester3.5.0 <= 3.5.1affected
FortinetFortiTester3.4.0affected
FortinetFortiTester3.3.0 <= 3.3.1affected
FortinetFortiTester3.2.0affected
FortinetFortiTester3.1.0affected
FortinetFortiTester3.0.0affected
FortinetFortiTester2.9.0affected
FortinetFortiTester2.8.0affected
FortinetFortiTester2.7.0affected
FortinetFortiTester2.6.0affected
FortinetFortiTester2.5.0affected
FortinetFortiTester2.4.0 <= 2.4.1affected
FortinetFortiTester2.3.0affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References