OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer
CVE-2022-27483
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 19 July 2022
What is CVE-2022-27483?
An OS command injection vulnerability exists in Fortinet's FortiManager and FortiAnalyzer, where inadequate neutralization of special elements in command-line instructions can be exploited by an attacker. This vulnerability affects several versions, allowing unauthorized execution of arbitrary shell commands as the 'root' user through 'diagnose system' command line interface commands. If exploited, it poses a significant risk to the integrity and confidentiality of the affected systems.
Affected Version(s)
Fortinet FortiManager, FortiAnalyzer FortiManager 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiAnalyzer 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0