OS Command Injection Vulnerability in Fortinet FortiADC
CVE-2022-27482

7.4HIGH

Key Information:

Vendor: Fortinet
Status: Fortiadc
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-27482?

An improper neutralization of special elements in Fortinet FortiADC allows an attacker to exploit OS command injection vulnerabilities. This can lead to arbitrary shell code execution with root privileges via command-line interface (CLI) commands. The flaw exists in multiple versions of FortiADC, and it is critical for administrators to apply necessary patches to mitigate potential attacks that could compromise system integrity and data security.

Affected Version(s)

FortiADC 7.0.0 <= 7.0.2

FortiADC 6.2.0 <= 6.2.2

FortiADC 6.1.0 <= 6.1.6

References

https://fortiguard.com/psirt/FG-IR-22-046

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Mar 21, 2022