CVE-2022-35845
7.8HIGHMultiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through
Publicado: 1/3/2023Actualizado: 11/21/2024
Descripción
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.
Análisis IAImpulsado por IA
Productos Afectados
fortinetfortitester
fortinetfortitester
4.0.0
fortinetfortitester
4.1.0
fortinetfortitester
4.1.1
fortinetfortitester
4.2.0
fortinetfortitester
7.0.0
fortinetfortitester
7.1.0
Referencias
- https://fortiguard.com/psirt/FG-IR-22-274PatchVendor Advisory
- https://fortiguard.com/psirt/FG-IR-22-274PatchVendor Advisory