Fortinet's FortiDDoS Vulnerable to Command Injection Attacks
CVE-2022-27486

7.8HIGH

Key Information:

Vendor

Fortinet

CVE Published:
13 August 2024

What is CVE-2022-27486?

An OS command injection vulnerability exists in Fortinet FortiDDoS: an attacker who already holds valid credentials for the device's CLI can pass a crafted argument to an `execute` CLI command and have arbitrary shell commands run as root. The CVSS vector reflects this: the attack vector is Local (the CLI, not an unauthenticated network path) and Privileges Required is Low (any authenticated CLI user), but a successful exploit yields full control of the appliance, with Confidentiality, Integrity and Availability all rated High. Multiple versions of both FortiDDoS and FortiDDoS-F are affected; note that the version list below covers FortiDDoS only, so consult the vendor advisory for the FortiDDoS-F ranges. Until patched devices are deployed, restricting who can reach and log in to the management CLI is the only practical mitigation, since the injection sits behind authentication rather than bypassing it.
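The advisory does not publish FortiDDoS internals, so the following is an added example, not Fortinet code: a hypothetical `execute ping`-style CLI handler in its injectable form beside a hardened rewrite. It assumes a POSIX shell is available, uses `echo` as a harmless stand-in for the real diagnostic binary, and the sample arguments and the `HOST_RE` allowlist are constructed for the demo. The hardened variant also rejects a leading hyphen, closing the related argument-injection case (an argument read as an option such as `-f`) that allowlist-free fixes often miss.

```python
import re
import subprocess

# Constructed sample inputs: what an operator might legitimately type after an
# "execute ping"-style command, and the same field with a shell payload appended.
BENIGN_ARG = "10.0.0.1"
INJECTED_ARG = "10.0.0.1; echo INJECTED"

# Allowlist for a host argument: must start alphanumeric (so it cannot be taken
# as an option like "-f"), then only hostname/IP characters, no shell metacharacters.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-]{0,252}$")

# "echo pinging" stands in for the real diagnostic binary so the demo is harmless.
TOOL = ["echo", "pinging"]


def vulnerable_command_line(arg: str) -> str:
    """The injection pattern: untrusted text concatenated into a shell command line."""
    return f"{' '.join(TOOL)} {arg}"


def run_vulnerable(arg: str) -> str:
    """Hand the concatenated line to /bin/sh, exactly how a naive CLI wrapper would."""
    proc = subprocess.run(vulnerable_command_line(arg), shell=True,
                          capture_output=True, text=True, check=False)
    return proc.stdout


def hardened_argv(arg: str) -> list[str]:
    """Validate against the allowlist, then build an argv with no shell involved."""
    if not HOST_RE.fullmatch(arg):
        raise ValueError(f"rejected argument: {arg!r}")
    return [*TOOL, arg]


def run_hardened(arg: str) -> str:
    """execve-style invocation: the argument is one argv element, never parsed by a shell."""
    proc = subprocess.run(hardened_argv(arg), capture_output=True, text=True, check=False)
    return proc.stdout


if __name__ == "__main__":
    print("vulnerable, benign :", run_vulnerable(BENIGN_ARG).rstrip())
    print("vulnerable, payload:", run_vulnerable(INJECTED_ARG).rstrip())  # second command ran
    try:
        run_hardened(INJECTED_ARG)
    except ValueError as exc:
        print("hardened, payload  :", exc)
    print("hardened, benign   :", run_hardened(BENIGN_ARG).rstrip())
```

The two fixes are independent and both matter: dropping the shell stops `;`, `|`, `$(...)` and friends from being interpreted, and the allowlist stops the argument from reaching the target binary as an option. A handler that keeps `shell=True` but escapes the argument, or one that drops the shell but still accepts `-`-prefixed input, is only half hardened.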

Affected Version(s)

FortiDDoS 5.7.0

FortiDDoS 5.5.0 through 5.5.1 (inclusive)

FortiDDoS 5.4.0 through 5.4.2 (inclusive)

References

CVSS V3.1

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
