A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-280 | Patch Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-22-280 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:21
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
| References | () https://fortiguard.com/psirt/FG-IR-22-280 - Patch, Vendor Advisory |
Information
Published : 2023-02-16 19:15
Updated : 2024-11-21 07:21
NVD link : CVE-2022-40677
Mitre link : CVE-2022-40677
CVE.ORG link : CVE-2022-40677
JSON object : View
Products Affected
fortinet
- fortinac
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')