Lucene search
HistoryNov 02, 2022 - 12:15 p.m.
CVE-2022-38372
fortitester
cli
undocumented command
privileged user
root shell
local
cve-2022-38372
cwe-1242
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.
Affected configurations
Node
fortinetfortitesterRange2.3.0–3.9.1
ORfortinetfortitesterRange4.0.0–4.2.0
ORfortinetfortitesterMatch7.0.0
ORfortinetfortitesterMatch7.1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fortinet | fortitester | * | cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:* |
| fortinet | fortitester | 7.0.0 | cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:* |
| fortinet | fortitester | 7.1.0 | cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2022-38372
2022-11-02 00:00:00
prion
prion
Command injection
2022-11-02 12:15:00
fortinet
fortinet
FortiTester - Undocumented shell command
2022-11-01 00:00:00
cve
cve
CVE-2022-38372
2022-11-02 12:15:53
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2022-38372