Command Injection Vulnerability in Fortinet FortiNAC
CVE-2022-40677
7.2 HIGH
Summary
A command injection vulnerability exists in Fortinet FortiNAC: improper neutralization of argument delimiters allows an attacker to craft input parameters that lead to the execution of unauthorized code or commands. The vulnerability spans multiple versions of FortiNAC and underscores the importance of securing user input against exploitation by malicious actors.
Affected Version(s)
FortiNAC 9.4.0
FortiNAC 9.2.0 <= 9.2.5
FortiNAC 9.1.0 <= 9.1.7
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved