SQL Injection Vulnerabilities in Fortinet FortiADC Management Interface
CVE-2022-26120
5.4 MEDIUM
What is CVE-2022-26120?
Multiple instances of improper neutralization of special elements used in SQL commands (SQL injection) in the FortiADC management interface could permit an authenticated attacker to execute unauthorized code or commands. The flaw is triggered by specially crafted HTTP requests sent to affected versions of FortiADC, potentially compromising the integrity and confidentiality of the system. Active mitigation measures are necessary to safeguard against potential exploitation.
Affected Version(s)
Fortinet FortiADC 7.0.0 through 7.0.1, 5.0.0 through 6.2.2