CVE-2022-26120

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiadc
Vendor: CVE Published:; 18 July 2022

Summary

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Affected Version(s)

Fortinet FortiADC FortiADC 7.0.0 through 7.0.1, 5.0.0 through 6.2.2

References

https://fortiguard.com/psirt/FG-IR-22-051

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
Feb 25, 2022