Unrated severityNVD Advisory· Published Oct 10, 2022· Updated Oct 25, 2024

CVE-2022-35844

Description

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.

Affected products

Fortinet/FortiTesterllm-fuzzy
Range: 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0
Fortinet/Fortinetcpe-rescue
Range: FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.com/psirt/FG-IR-22-247mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000