FortiTester

CVEs (11)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2022-33873	Fortinet Fortinet	0.02	—	0.22	Oct 10, 2022	An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute…
CVE-2023-40715	Fortinet FortiTester	0.00	—	0.00	Sep 13, 2023	A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
CVE-2023-40717	Fortinet FortiTester	0.00	—	0.00	Sep 13, 2023	A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
CVE-2022-35845	Fortinet FortiTester	0.00	—	0.04	Jan 3, 2023	Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the…
CVE-2022-33870	Fortinet Fortinet	0.00	—	0.00	Nov 2, 2022	An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via…
CVE-2022-38372	Fortinet Fortinet	0.00	—	0.00	Nov 2, 2022	A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.
CVE-2022-35846	Fortinet Fortinet	0.00	—	0.01	Oct 10, 2022	An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.
CVE-2022-35844	Fortinet Fortinet	0.00	—	0.00	Oct 10, 2022	An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via…
CVE-2022-33872	Fortinet Fortinet	0.00	—	0.04	Oct 10, 2022	An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute…
CVE-2022-33874	Fortinet Fortinet	0.00	—	0.04	Oct 10, 2022	An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute…
CVE-2020-12815	Fortinet Fortinet	0.00	—	0.00	Sep 24, 2020	An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.

CVE-2022-33873Oct 10, 2022
Fortinet
Fortinet
risk 0.02cvss —epss 0.22
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute…
CVE-2023-40715Sep 13, 2023
Fortinet
FortiTester
risk 0.00cvss —epss 0.00
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
CVE-2023-40717Sep 13, 2023
Fortinet
FortiTester
risk 0.00cvss —epss 0.00
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
CVE-2022-35845Jan 3, 2023
Fortinet
FortiTester
risk 0.00cvss —epss 0.04
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the…
CVE-2022-33870Nov 2, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.00
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via…
CVE-2022-38372Nov 2, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.00
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.
CVE-2022-35846Oct 10, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.01
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.
CVE-2022-35844Oct 10, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.00
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via…
CVE-2022-33872Oct 10, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.04
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute…
CVE-2022-33874Oct 10, 2022
Fortinet
Fortinet
risk 0.00cvss —epss 0.04
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute…
CVE-2020-12815Sep 24, 2020
Fortinet
Fortinet
risk 0.00cvss —epss 0.00
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.