OS Command Injection Vulnerability in FortiTester by Fortinet
CVE-2022-33874

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortinet Fortitester
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-33874?

A vulnerability exists in the SSH login components of FortiTester, affecting various versions, allowing an unauthenticated remote attacker to execute arbitrary commands in the underlying shell due to improper neutralization of special elements. This flaw can be exploited to potentially gain unauthorized access and control over the system.

Affected Version(s)

Fortinet FortiTester FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

References

https://fortiguard.com/psirt/FG-IR-22-237

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Jun 16, 2022