Lucene search

FortinetCVELIST:CVE-2022-30303

HistoryFeb 16, 2023 - 6:05 p.m.

CVE-2022-30303

2023-02-1618:05:22

CWE-78

fortinet

www.cve.org

cve-2022-30303

command injection

cwe-78

fortiweb

http requests

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

An improper neutralization of special elements used in an os command (‘OS Command Injection’) [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiWeb",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.3.0",
        "lessThanOrEqual": "6.3.19",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-163

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Related for CVELIST:CVE-2022-30303