Unrated severityNVD Advisory· Published Nov 2, 2022· Updated Oct 25, 2024

CVE-2022-33870

Description

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Affected products

Fortinet/FortiTesterllm-fuzzy
Range: >=3.0.0 <=3.9.1, >=4.0.0 <=4.2.0, >=7.0.0 <=7.1.0
Fortinet/Fortinetcpe-rescue
Range: FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.com/psirt/FG-IR-22-070mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000