SQL Injection Vulnerability in Fortinet FortiADC Products
CVE-2022-33875

5.1MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiadc
Vendor: CVE Published:; 6 December 2022

What is CVE-2022-33875?

An SQL Injection vulnerability exists in Fortinet FortiADC, allowing an authenticated attacker to send specially crafted HTTP requests. This could enable the execution of unauthorized commands, potentially compromising the integrity and security of the affected system. Organizations using vulnerable versions of FortiADC should review their systems and apply necessary updates to mitigate this risk.

Affected Version(s)

FortiADC 7.1.0

FortiADC 7.0.0 <= 7.0.3

FortiADC 6.2.0 <= 6.2.4

References

https://fortiguard.com/psirt/FG-IR-22-252

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2022
Vulnerability Reserved
Jun 16, 2022