Lucene search
+L

153 matches found

CNNVD
CNNVD
added 2023/09/13 12:0 a.m.5 views

FortiTester Security Vulnerabilities

FortiTester is a Fortinet Professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 7.2.3, which stems from the presence of a sensitive information plaintext storage vulnerability that could allow an attacker with...

5.5CVSS6.4AI score0.00152EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.5 views

PT-2023-5206 · Fortinet · Fortitester

Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 7.2.3 Description: A use of hard-coded credentials issue in FortiTester may allow an attacker who has gained shell access to the device to access the database via shell commands. This could potentially lead ...

7.8CVSS7.5AI score0.00191EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.4 views

PT-2023-5207 · Fortinet · Fortitester

Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 7.2.3 Description: A cleartext storage of sensitive information issue may allow an attacker with access to the database contents to retrieve the plaintext password of external servers configured in the devic...

5.5CVSS5.4AI score0.00152EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/04/06 12:0 a.m.7 views

The vulnerability of the graphical and application software interface of the FortiTester hardware-based diagnostic and audit software exists due to the failure to take measures to neutralize the special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the graphical and application software interface of the FortiTester hardware-based diagnostic and audit software exists due to the failure to take measures to neutralize the special elements used in the operating system command set. Exploiting this vulnerability allows a...

9CVSS8.2AI score0.01114EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2023/01/05 7:52 a.m.62 views

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attack...

2.6AI score0.70578EPSS
Exploits0
NCSC
NCSC
added 2023/01/04 12:0 a.m.32 views

Vulnerabilities fixed in Fortinet products

Vulnerabilities have been fixed in several products from Fortinet. These vulnerabilities allow an authenticated malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting XSS in FortiPortal Bypassing authentication in FortiManager Circumvention of...

8.8CVSS6.9AI score0.02891EPSS
Exploits0
OSV
OSV
added 2023/01/03 5:15 p.m.5 views

CVE-2022-35845

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...

8.8CVSS6AI score0.01114EPSS
Exploits0References1
NVD
NVD
added 2023/01/03 5:15 p.m.24 views

CVE-2022-35845

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...

8.8CVSS8.4AI score0.01114EPSS
Exploits0References1
Prion
Prion
added 2023/01/03 5:15 p.m.25 views

Command injection

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...

6.5CVSS9AI score0.01114EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/03 4:57 p.m.79 views

CVE-2022-35845

FortiTester is affected by CVE-2022-35845, an OS Command Injection vulnerability due to improper neutralization of special elements in use. The issue allows an authenticated attacker to execute arbitrary commands in the underlying shell. Affected FortiTester versions include 2.3.0–3.9.1, 4.0.0–4....

8.8CVSS9AI score0.01114EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/03 4:57 p.m.17 views

CVE-2022-35845

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...

7.8CVSS7.8AI score0.01114EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 4:57 p.m.38 views

CVE-2022-35845

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell...

7.8CVSS9.2AI score0.01114EPSS
Exploits0References1
Fortinet
Fortinet
added 2023/01/03 12:0 a.m.54 views

FortiTester - Multiple command injection vulnerabilities in GUI and API

Multiple improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerabilities CWE-78 in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell...

6.5CVSS9AI score0.01114EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.5 views

PT-2023-2122 · Fortinet · Fortitester

Name of the Vulnerable Software and Affected Versions: FortiTester versions 2.3.0 through 3.9.1 FortiTester versions 4.0.0 through 4.2.0 FortiTester versions 7.0.0 through 7.1.0 Description: The issue exists due to the failure to neutralize special elements used in an OS command, allowing an...

9CVSS9AI score0.01114EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.6 views

FortiTester 操作系统命令注入漏洞

FortiTester is a Fortinet professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester 7.1.0, all versions of 7.0, versions 4.0.0 through 4.2.0, and versions 2.3.0 through 3.9.1, which stems from improper neutralization of multiple special...

8.8CVSS8.7AI score0.01114EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/01/03 12:0 a.m.7 views

The vulnerability of the software-hardware interface for diagnosing and auditing computer networks in FortiTester allows a perpetrator to execute arbitrary commands.

The vulnerability of the FortiTester’s software-and-hardware diagnostic and audit tool exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using special...

9CVSS7.5AI score0.00295EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/11/02 12:15 p.m.30 views

CVE-2022-33870

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted...

7.8CVSS0.00427EPSS
Exploits0References1
NVD
NVD
added 2022/11/02 12:15 p.m.38 views

CVE-2022-38372

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

6.7CVSS0.00179EPSS
Exploits0References1
OSV
OSV
added 2022/11/02 12:15 p.m.4 views

CVE-2022-33870

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted...

7.8CVSS5.9AI score0.00427EPSS
Exploits0References1
OSV
OSV
added 2022/11/02 12:15 p.m.3 views

CVE-2022-38372

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

6.7CVSS5.8AI score0.00179EPSS
Exploits0References1
Rows per page
Query Builder