OS Command Injection Vulnerability in FortiTester by Fortinet
CVE-2022-33872

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortinet Fortitester
Vendor: CVE Published:; 10 October 2022

Summary

The vulnerability exists in the Telnet login components of FortiTester, where improper handling of special elements permits an unauthenticated remote attacker to inject arbitrary commands into the underlying operating system shell. This significant flaw could lead to unauthorized execution of commands, putting sensitive data and system integrity at risk, necessitating immediate attention and remediation.

Affected Version(s)

Fortinet FortiTester FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

References

https://fortiguard.com/psirt/FG-IR-22-237

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2022
Vulnerability Reserved
Jun 16, 2022