A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-047 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Aug 2024, 14:29
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
Summary |
|
|
First Time |
Fortinet
Fortinet fortiddos Fortinet fortiddos-f |
|
References | () https://fortiguard.com/psirt/FG-IR-22-047 - Vendor Advisory | |
CPE | cpe:2.3:a:fortinet:fortiddos:5.7.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:* |
13 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 16:15
Updated : 2024-08-22 14:29
NVD link : CVE-2022-27486
Mitre link : CVE-2022-27486
CVE.ORG link : CVE-2022-27486
JSON object : View
Products Affected
fortinet
- fortiddos
- fortiddos-f
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')