OS Command Injection Vulnerability in FortiTester by Fortinet
CVE-2022-35845

7.6HIGH

Key Information:

Vendor: Fortinet
Status: Fortitester
Vendor: CVE Published:; 3 January 2023

What is CVE-2022-35845?

Multiple improper neutralization occurrences of special elements used in OS commands have been identified in FortiTester. These flaws could permit an authenticated attacker to execute arbitrary commands in the system's underlying shell, potentially leading to a breach of system integrity. Administrators are encouraged to review affected versions and apply necessary measures to mitigate these risks.

Affected Version(s)

FortiTester 7.1.0

FortiTester 7.0.0

FortiTester 4.2.0

References

https://fortiguard.com/psirt/FG-IR-22-274

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2023
Vulnerability Reserved
Jul 13, 2022