CVE-2022-33872

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-237 Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*

Information

Published : 2022-10-18 08:15

Updated : 2022-10-21 06:00


NVD link : CVE-2022-33872

Mitre link : CVE-2022-33872


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

fortinet

  • fortitester