Command Injection Vulnerability in FortiTester by Fortinet
CVE-2022-33870

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortitester
Vendor: CVE Published:; 2 November 2022

Summary

An improper neutralization of special elements used in an OS command vulnerability exists in the command line interpreter of FortiTester, allowing an authenticated attacker to execute unauthorized commands. By sending specifically crafted arguments to existing commands, attackers can exploit this vulnerability, potentially leading to system compromise and unauthorized access. It is crucial for Fortinet users to review the affected versions and apply necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Fortinet FortiTester FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

References

https://fortiguard.com/psirt/FG-IR-22-070

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Jun 16, 2022