Hidden Functionality Vulnerability in FortiTester by Fortinet
CVE-2022-38372

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortitester
Vendor: CVE Published:; 2 November 2022

Summary

FortiTester, a testing and service validation tool from Fortinet, is susceptible to a local privilege escalation vulnerability. This issue arises from a hidden functionality accessible via undocumented commands within the FortiTester CLI across various versions. A local, privileged user can exploit this flaw to gain unauthorized root shell access on the device, potentially compromising the system's integrity and exposing sensitive information. For more information, refer to Fortinet's official advisory.

Affected Version(s)

Fortinet FortiTester FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

References

https://fortiguard.com/psirt/FG-IR-22-283

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Aug 16, 2022