CVE-2022-33873

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-237 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-10-18 15:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-33873

Mitre link : CVE-2022-33873

CVE.ORG link : CVE-2022-33873


JSON object : View

Products Affected

fortinet

  • fortitester
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')