CVE-2022-27486

{"id": "CVE-2022-27486", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2024-08-13T16:15:07.693", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-047", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root`\u00a0via `execute` CLI commands."}, {"lang": "es", "value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Fortinet FortiDDoS versi\u00f3n 5.5.0 a 5.5.1, 5.4.2 a 5.4.0, 5.3.0 a 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 y 4.5.0 y FortiDDoS-F versi\u00f3n 6.3.0 a 6.3.1, 6.2.0 a 6.2.2, 6.1.0 a 6.1.4 permite una autenticaci\u00f3n atacante ejecutar c\u00f3digo de shell como \"root\" mediante comandos CLI \"ejecutar\"."}], "lastModified": "2024-08-22T14:29:44.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31921E5A-497A-4BD6-9BE8-2307272F3FEC", "versionEndExcluding": "5.6.2", "versionStartIncluding": "4.5.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos:5.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "258903F9-C0F0-40CD-8895-43FF00C71709"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "561DFFB8-E39C-40D1-A7E7-255BDD6F9F73"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "777DD368-CD36-4842-BA0F-C7C64E7D2A78", "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB1731B-7799-408B-8F8C-F5ABFEA7A180"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}