153 matches found
FortiTester Security Vulnerabilities
FortiTester is a Fortinet Professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 7.2.3, which stems from the presence of a sensitive information plaintext storage vulnerability that could allow an attacker with...
PT-2023-5206 · Fortinet · Fortitester
Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 7.2.3 Description: A use of hard-coded credentials issue in FortiTester may allow an attacker who has gained shell access to the device to access the database via shell commands. This could potentially lead ...
PT-2023-5207 · Fortinet · Fortitester
Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 7.2.3 Description: A cleartext storage of sensitive information issue may allow an attacker with access to the database contents to retrieve the plaintext password of external servers configured in the devic...
The vulnerability of the graphical and application software interface of the FortiTester hardware-based diagnostic and audit software exists due to the failure to take measures to neutralize the special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the graphical and application software interface of the FortiTester hardware-based diagnostic and audit software exists due to the failure to take measures to neutralize the special elements used in the operating system command set. Exploiting this vulnerability allows a...
Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attack...
Vulnerabilities fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. These vulnerabilities allow an authenticated malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS in FortiPortal Bypassing authentication in FortiManager Circumvention of...
CVE-2022-35845
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
CVE-2022-35845
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
Command injection
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
CVE-2022-35845
FortiTester is affected by CVE-2022-35845, an OS Command Injection vulnerability due to improper neutralization of special elements in use. The issue allows an authenticated attacker to execute arbitrary commands in the underlying shell. Affected FortiTester versions include 2.3.0–3.9.1, 4.0.0–4....
CVE-2022-35845
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
CVE-2022-35845
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
FortiTester - Multiple command injection vulnerabilities in GUI and API
Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell...
PT-2023-2122 · Fortinet · Fortitester
Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 3.9.1 FortiTester versions 4.0.0 through 4.2.0 FortiTester versions 7.0.0 through 7.1.0 Description: The issue exists due to the failure to neutralize special elements used in an OS command, allowing an...
FortiTester 操作系统命令注入漏洞
FortiTester is a Fortinet professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester 7.1.0, all versions of 7.0, versions 4.0.0 through 4.2.0, and versions 2.3.0 through 3.9.1, which stems from improper neutralization of multiple special...
The vulnerability of the software-hardware interface for diagnosing and auditing computer networks in FortiTester allows a perpetrator to execute arbitrary commands.
The vulnerability of the FortiTester’s software-and-hardware diagnostic and audit tool exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using special...
CVE-2022-33870
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted...
CVE-2022-38372
A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...
CVE-2022-33870
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted...
CVE-2022-38372
A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...