Lucene search

PRIOn knowledge basePRION:CVE-2022-33869

HistoryFeb 16, 2023 - 7:15 p.m.

Command injection

2023-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

improper neutralization

os command vulnerability

fortiwan

authenticated attacker

unauthorized commands

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

CPENameOperatorVersion
fortiwaneq4.4.1
fortiwaneq4.4.0
fortiwaneq4.3.1
fortiwaneq4.3.0
fortiwaneq4.2.7
fortiwaneq4.2.6
fortiwaneq4.2.5
fortiwaneq4.2.2
fortiwaneq4.2.1
fortiwaneq4.1.3

Name	Operator	Version
fortiwan	eq	4.4.1
fortiwan	eq	4.4.0
fortiwan	eq	4.3.1
fortiwan	eq	4.3.0
fortiwan	eq	4.2.7
fortiwan	eq	4.2.6
fortiwan	eq	4.2.5
fortiwan	eq	4.2.2
fortiwan	eq	4.2.1
fortiwan	eq	4.1.3

Rows per page:

1-10 of 161

References

fortiguard.com/psirt/FG-IR-22-157