Lucene search

K
nvd[email protected]NVD:CVE-2022-33873
HistoryOct 18, 2022 - 3:15 p.m.

CVE-2022-33873

2022-10-1815:15:09
CWE-78
web.nvd.nist.gov
5
cwe-78
fortitester
command injection
unauthenticated attacker
shell

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.3%

An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.

Affected configurations

Nvd
Node
fortinetfortitesterRange2.3.03.9.2
OR
fortinetfortitesterRange4.0.04.2.1
OR
fortinetfortitesterRange7.0.07.1.1
VendorProductVersionCPE
fortinetfortitester*cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.3%

Related for NVD:CVE-2022-33873