Command Injection Vulnerability in Fortinet FortiNAC
CVE-2022-40677

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortinac
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-40677?

A command injection vulnerability exists in Fortinet FortiNAC, where improper neutralization of argument delimiters allows an attacker to craft input parameters that can lead to the execution of unauthorized code or commands. This vulnerability spans multiple versions of the FortiNAC product and emphasizes the importance of securing user inputs to prevent potential exploitation by malicious actors.

Affected Version(s)

FortiNAC 9.4.0

FortiNAC 9.2.0 <= 9.2.5

FortiNAC 9.1.0 <= 9.1.7

References

https://fortiguard.com/psirt/FG-IR-22-280

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Sep 14, 2022