Unrated severityNVD Advisory· Published Oct 10, 2022· Updated Oct 25, 2024

CVE-2022-33872

Description

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

Affected products

Fortinet/FortiTesterllm-fuzzy
Range: 2.3.0 - 3.9.1, 4.0.0 - 4.2.0, 7.0.0 - 7.1.0
Fortinet/Fortinetcpe-rescue
Range: FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.com/psirt/FG-IR-22-237mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000