Lucene search

FortinetCVE-2022-27486

HistoryAug 13, 2024 - 4:15 p.m.

CVE-2022-27486

2024-08-1316:15:07

CWE-78

fortinet

web.nvd.nist.gov

cve-2022-27486

command injection

fortinet fortiddos

fortiddos-f

authenticated attacker

shell code

root access

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.1%

JSON

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as root via execute CLI commands.

Affected configurations

Nvd

Node

fortinetfortiddosRange4.5.0–5.6.2

fortinetfortiddosMatch5.7.0

fortinetfortiddos-f

fortinetfortiddos-fRange6.1.0–6.4.2

fortinetfortiddos-fMatch6.5.0

VendorProductVersionCPE
fortinetfortiddos*cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*
fortinetfortiddos5.7.0cpe:2.3:a:fortinet:fortiddos:5.7.0:*:*:*:*:*:*:*
fortinetfortiddos-f*cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*
fortinetfortiddos-f6.5.0cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiddos	*	cpe:2.3:a:fortinet:fortiddos::::::::
fortinet	fortiddos	5.7.0	cpe:2.3:a:fortinet:fortiddos:5.7.0:::::::*
fortinet	fortiddos-f	*	cpe:2.3:a:fortinet:fortiddos-f::::::::
fortinet	fortiddos-f	6.5.0	cpe:2.3:a:fortinet:fortiddos-f:6.5.0:::::::*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiDDoS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "5.7.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.5.0",
        "lessThanOrEqual": "5.5.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.4.0",
        "lessThanOrEqual": "5.4.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.3.0",
        "lessThanOrEqual": "5.3.2",
        "status": "affected"
      },
      {
        "version": "5.2.0",
        "status": "affected"
      },
      {
        "version": "5.1.0",
        "status": "affected"
      },
      {
        "version": "5.0.0",
        "status": "affected"
      },
      {
        "version": "4.7.0",
        "status": "affected"
      },
      {
        "version": "4.6.0",
        "status": "affected"
      },
      {
        "version": "4.5.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiDDoS-F",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "6.5.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.3.0",
        "lessThanOrEqual": "6.3.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.1.0",
        "lessThanOrEqual": "6.1.5",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-047

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.1%

JSON

Related for CVE-2022-27486