Hidden Functionality Vulnerability in FortiTester by Fortinet
CVE-2022-38372

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortitester
Vendor: CVE Published:; 2 November 2022

What is CVE-2022-38372?

FortiTester, a testing and service validation tool from Fortinet, is susceptible to a local privilege escalation vulnerability. This issue arises from a hidden functionality accessible via undocumented commands within the FortiTester CLI across various versions. A local, privileged user can exploit this flaw to gain unauthorized root shell access on the device, potentially compromising the system's integrity and exposing sensitive information. For more information, refer to Fortinet's official advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Fortinet FortiTester FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

References

https://fortiguard.com/psirt/FG-IR-22-283

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Aug 16, 2022

JSON

Fortinet

What is CVE-2022-38372?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.