CVE-2022-33874

CVE Database · CVE-2022-33874

CVE-2022-33874

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.84%

Published

Oct 18, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (3)

fortinet · fortitester (up to 3.9.2)vulnerable

fortinet · fortitester (up to 4.2.1)vulnerable

fortinet · fortitester (up to 7.1.1)vulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-237

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-237

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs