Command injection

2023-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

command injection

fortinet fortiadc

version 7.0.0

version 6.2.2

version 6.1.6

version 6.0.x

version 5.x.x

arbitrary shell code

root access

cli commands

0.0004 Low

EPSS

Percentile

9.8%

JSON

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands.

CPENameOperatorVersion
fortiadceq7.0.1
fortiadceq7.0.0
fortiadcge6.0.0
fortiadcle6.0.4
fortiadcge6.1.0
fortiadcle6.1.6
fortiadcge6.2.0
fortiadclt6.2.4
fortiadcge5.4.0
fortiadcle5.4.5

Name	Operator	Version
fortiadc	eq	7.0.1
fortiadc	eq	7.0.0
fortiadc	ge	6.0.0
fortiadc	le	6.0.4
fortiadc	ge	6.1.0
fortiadc	le	6.1.6
fortiadc	ge	6.2.0
fortiadc	lt	6.2.4
fortiadc	ge	5.4.0
fortiadc	le	5.4.5

Rows per page:

1-10 of 181

References

fortiguard.com/psirt/FG-IR-22-046

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for PRION:CVE-2022-27482