Vulnerabilities related to Fortinet - FortiTester
var-202210-1160
Vulnerability from variot
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary commands in the underlying shell. Fortinet's FortiTester contains an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The record below carries two CVSS 3.1 scores for CVE-2022-33873: NVD rates it 9.8 (attack vector Network), while Fortinet PSIRT rates it 6.8 (attack vector Physical); the vendor advisory is FG-IR-22-237.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1160", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "2.3.0", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "3.9.2", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: 
"fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "7.1.1", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0 that's all 4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0 that's all 7.1.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "2.3.0 that's all 3.9.2", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "NVD", id: "CVE-2022-33873", }, ], }, cve: "CVE-2022-33873", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-33873", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "PHYSICAL", author: "psirt@fortinet.com", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: 
"HIGH", exploitabilityScore: 0.9, id: "CVE-2022-33873", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-33873", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-33873", trust: 1, value: "CRITICAL", }, { author: "psirt@fortinet.com", id: "CVE-2022-33873", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2022-33873", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202210-1201", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "CNNVD", id: "CNNVD-202210-1201", }, { db: "NVD", id: "CVE-2022-33873", }, { db: "NVD", id: "CVE-2022-33873", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-33873", }, { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "VULHUB", id: "VHN-426024", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-33873", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-019310", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202210-1201", trust: 0.6, }, { db: "VULHUB", id: "VHN-426024", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-426024", }, { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "CNNVD", id: "CNNVD-202210-1201", }, { db: "NVD", id: "CVE-2022-33873", }, ], }, id: "VAR-202210-1160", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-426024", }, ], trust: 0.01, }, last_update_date: "2024-08-14T15:37:20.573000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-237", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-22-237", }, { title: "FortiTester Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=211662", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "CNNVD", id: "CNNVD-202210-1201", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "OS Command injection 
(CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-426024", }, { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "NVD", id: "CVE-2022-33873", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/psirt/fg-ir-22-237", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-33873", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-33873/", }, ], sources: [ { db: "VULHUB", id: "VHN-426024", }, { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "CNNVD", id: "CNNVD-202210-1201", }, { db: "NVD", id: "CVE-2022-33873", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-426024", }, { db: "JVNDB", id: "JVNDB-2022-019310", }, { db: "CNNVD", id: "CNNVD-202210-1201", }, { db: "NVD", id: "CVE-2022-33873", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-18T00:00:00", db: "VULHUB", id: "VHN-426024", }, { date: "2023-10-25T00:00:00", db: "JVNDB", id: "JVNDB-2022-019310", }, { date: "2022-10-18T00:00:00", db: "CNNVD", id: "CNNVD-202210-1201", }, { date: "2022-10-18T15:15:09.743000", db: "NVD", id: "CVE-2022-33873", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-21T00:00:00", db: "VULHUB", id: "VHN-426024", }, { date: "2023-10-25T05:35:00", db: "JVNDB", id: "JVNDB-2022-019310", }, { date: "2022-10-24T00:00:00", db: "CNNVD", id: "CNNVD-202210-1201", }, { date: "2022-10-21T13:00:09.717000", db: "NVD", id: "CVE-2022-33873", }, ], }, threat_type: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202210-1201", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiTester In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-019310", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202210-1201", }, ], trust: 0.6, }, }
var-202210-1231
Vulnerability from variot
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in the Telnet port of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute-force attack. Fortinet's FortiTester is vulnerable to improper restriction of excessive authentication attempts. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The record below carries two CVSS 3.1 scores for CVE-2022-35846: NVD rates it 9.8 (attack complexity Low), while Fortinet PSIRT rates it 8.1 (attack complexity High); the vendor advisory is FG-IR-22-244.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1231", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "2.3.0", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "3.9.2", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: 
"fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "7.1.1", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0 that's all 4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0 that's all 7.1.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "2.3.0 that's all 3.9.2", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "NVD", id: "CVE-2022-35846", }, ], }, cve: "CVE-2022-35846", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-35846", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "HIGH", attackVector: "NETWORK", author: "psirt@fortinet.com", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", 
exploitabilityScore: 2.2, id: "CVE-2022-35846", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-35846", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-35846", trust: 1, value: "CRITICAL", }, { author: "psirt@fortinet.com", id: "CVE-2022-35846", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-35846", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202210-1205", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "CNNVD", id: "CNNVD-202210-1205", }, { db: "NVD", id: "CVE-2022-35846", }, { db: "NVD", id: "CVE-2022-35846", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. fortinet's FortiTester Is vulnerable to improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-35846", }, { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "VULHUB", id: "VHN-432097", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-35846", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-019251", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202210-1205", trust: 0.6, }, { db: "VULHUB", id: "VHN-432097", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-432097", }, { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "CNNVD", id: "CNNVD-202210-1205", }, { db: "NVD", id: "CVE-2022-35846", }, ], }, id: "VAR-202210-1231", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-432097", }, ], trust: 0.01, }, last_update_date: "2024-08-14T15:21:35.180000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-244", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-22-244", }, { title: "FortiTester Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=211495", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "CNNVD", id: "CNNVD-202210-1205", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-307", trust: 1.1, }, { problemtype: "Inappropriate limitation of excessive authentication 
attempts (CWE-307) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-432097", }, { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "NVD", id: "CVE-2022-35846", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/psirt/fg-ir-22-244", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-35846", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-35846/", }, ], sources: [ { db: "VULHUB", id: "VHN-432097", }, { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "CNNVD", id: "CNNVD-202210-1205", }, { db: "NVD", id: "CVE-2022-35846", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-432097", }, { db: "JVNDB", id: "JVNDB-2022-019251", }, { db: "CNNVD", id: "CNNVD-202210-1205", }, { db: "NVD", id: "CVE-2022-35846", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-18T00:00:00", db: "VULHUB", id: "VHN-432097", }, { date: "2023-10-25T00:00:00", db: "JVNDB", id: "JVNDB-2022-019251", }, { date: "2022-10-18T00:00:00", db: "CNNVD", id: "CNNVD-202210-1205", }, { date: "2022-10-18T14:15:09.663000", db: "NVD", id: "CVE-2022-35846", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-20T00:00:00", db: "VULHUB", id: "VHN-432097", }, { date: "2023-10-25T02:43:00", db: "JVNDB", id: "JVNDB-2022-019251", }, { date: "2022-10-21T00:00:00", db: "CNNVD", id: "CNNVD-202210-1205", }, { date: "2022-10-20T19:03:57.443000", db: "NVD", id: "CVE-2022-35846", }, ], }, threat_type: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202210-1205", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiTester Vulnerability in improperly limiting excessive authentication attempts in", sources: [ { db: "JVNDB", id: "JVNDB-2022-019251", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202210-1205", }, ], trust: 0.6, }, }
var-202210-1190
Vulnerability from variot
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. Fortinet's FortiTester contains an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The record below carries two CVSS 3.1 scores for CVE-2022-35844, both requiring high privileges: NVD rates it 7.2 (attack vector Network), while Fortinet PSIRT rates it 6.7 (attack vector Local); the vendor advisory is FG-IR-22-247.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1190", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "2.3.0", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "3.9.2", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: 
"fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "7.1.1", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0 that's all 4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0 that's all 7.1.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "2.3.0 that's all 3.9.2", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "NVD", id: "CVE-2022-35844", }, ], }, cve: "CVE-2022-35844", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2022-35844", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "psirt@fortinet.com", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", 
exploitabilityScore: 0.8, id: "CVE-2022-35844", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-35844", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-35844", trust: 1, value: "HIGH", }, { author: "psirt@fortinet.com", id: "CVE-2022-35844", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2022-35844", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202210-1206", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "CNNVD", id: "CNNVD-202210-1206", }, { db: "NVD", id: "CVE-2022-35844", }, { db: "NVD", id: "CVE-2022-35844", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-35844", }, { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "VULHUB", id: "VHN-432095", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-35844", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-019253", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202210-1206", trust: 0.6, }, { db: "VULHUB", id: "VHN-432095", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-432095", }, { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "CNNVD", id: "CNNVD-202210-1206", }, { db: "NVD", id: "CVE-2022-35844", }, ], }, id: "VAR-202210-1190", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-432095", }, ], trust: 0.01, }, last_update_date: "2024-08-14T14:24:29.129000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-247", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-22-247", }, { title: "FortiTester Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=211496", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "CNNVD", id: "CNNVD-202210-1206", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "OS Command injection 
(CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-432095", }, { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "NVD", id: "CVE-2022-35844", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/psirt/fg-ir-22-247", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-35844", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-35844/", }, ], sources: [ { db: "VULHUB", id: "VHN-432095", }, { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "CNNVD", id: "CNNVD-202210-1206", }, { db: "NVD", id: "CVE-2022-35844", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-432095", }, { db: "JVNDB", id: "JVNDB-2022-019253", }, { db: "CNNVD", id: "CNNVD-202210-1206", }, { db: "NVD", id: "CVE-2022-35844", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-18T00:00:00", db: "VULHUB", id: "VHN-432095", }, { date: "2023-10-25T00:00:00", db: "JVNDB", id: "JVNDB-2022-019253", }, { date: "2022-10-18T00:00:00", db: "CNNVD", id: "CNNVD-202210-1206", }, { date: "2022-10-18T14:15:09.590000", db: "NVD", id: "CVE-2022-35844", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-20T00:00:00", db: "VULHUB", id: "VHN-432095", }, { date: "2023-10-25T02:45:00", db: "JVNDB", id: "JVNDB-2022-019253", }, { date: "2022-10-21T00:00:00", db: "CNNVD", id: "CNNVD-202210-1206", }, { date: "2022-10-20T18:50:42.873000", db: "NVD", id: "CVE-2022-35844", }, ], }, threat_type: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202210-1206", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiTester In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-019253", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202210-1206", }, ], trust: 0.6, }, }
var-202210-1453
Vulnerability from variot
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell. Fortinet's FortiTester contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below tracks this as CVE-2022-33874 (CVSS 3.1 base score 9.8, no privileges required) and links vendor advisory FG-IR-22-237; its affected-version bounds end below 3.9.2, 4.2.1 and 7.1.1.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1453", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "2.3.0", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "3.9.2", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: 
"fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "7.1.1", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0 that's all 4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0 that's all 7.1.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "2.3.0 that's all 3.9.2", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "NVD", id: "CVE-2022-33874", }, ], }, cve: "CVE-2022-33874", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-33874", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", 
exploitabilityScore: null, id: "CVE-2022-33874", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-33874", trust: 1, value: "CRITICAL", }, { author: "psirt@fortinet.com", id: "CVE-2022-33874", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-33874", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202210-1200", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "CNNVD", id: "CNNVD-202210-1200", }, { db: "NVD", id: "CVE-2022-33874", }, { db: "NVD", id: "CVE-2022-33874", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-33874", }, { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "VULHUB", id: "VHN-426025", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-33874", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-019308", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202210-1200", trust: 0.6, }, { db: "VULHUB", id: "VHN-426025", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-426025", }, { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "CNNVD", id: "CNNVD-202210-1200", }, { db: "NVD", id: "CVE-2022-33874", }, ], }, id: "VAR-202210-1453", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-426025", }, ], trust: 0.01, }, last_update_date: "2024-08-14T15:42:11.552000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-237", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-22-237", }, { title: "FortiTester Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=211661", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "CNNVD", id: "CNNVD-202210-1200", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "OS Command injection 
(CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-426025", }, { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "NVD", id: "CVE-2022-33874", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/psirt/fg-ir-22-237", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-33874", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-33874/", }, ], sources: [ { db: "VULHUB", id: "VHN-426025", }, { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "CNNVD", id: "CNNVD-202210-1200", }, { db: "NVD", id: "CVE-2022-33874", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-426025", }, { db: "JVNDB", id: "JVNDB-2022-019308", }, { db: "CNNVD", id: "CNNVD-202210-1200", }, { db: "NVD", id: "CVE-2022-33874", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-18T00:00:00", db: "VULHUB", id: "VHN-426025", }, { date: "2023-10-25T00:00:00", db: "JVNDB", id: "JVNDB-2022-019308", }, { date: "2022-10-18T00:00:00", db: "CNNVD", id: "CNNVD-202210-1200", }, { date: "2022-10-18T15:15:09.800000", db: "NVD", id: "CVE-2022-33874", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-21T00:00:00", db: "VULHUB", id: "VHN-426025", }, { date: "2023-10-25T05:33:00", db: "JVNDB", id: "JVNDB-2022-019308", }, { date: "2022-10-24T00:00:00", db: "CNNVD", id: "CNNVD-202210-1200", }, { date: "2022-10-21T12:59:37.607000", db: "NVD", id: "CVE-2022-33874", }, ], }, threat_type: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202210-1200", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiTester In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-019308", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202210-1200", }, ], trust: 0.6, }, }
var-202211-0092
Vulnerability from variot
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Fortinet's FortiTester contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below tracks this as CVE-2022-33870 (CVSS 3.1 base score 7.8, local attack vector, low privileges required) and links vendor advisory FG-IR-22-070.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0092", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.2.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.6.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.9.1", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.1.1", }, { model: 
"fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.7.1", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.3.1", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.8.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.5.1", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.1.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.2.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.4.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.0.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "7.1.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.5.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.3.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.9.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.7.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.1.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.5.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.3.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.1.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.7.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.3.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.0.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: 
"フォーティネット", version: "3.9.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.4.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.8.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.7.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.9.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.2.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.6.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.1.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.1.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.1.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.2.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "3.5.1", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "NVD", id: "CVE-2022-33870", }, ], }, cve: "CVE-2022-33870", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2022-33870", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-33870", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-33870", trust: 1, value: "HIGH", }, { author: "psirt@fortinet.com", id: "CVE-2022-33870", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-33870", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202211-1920", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "CNNVD", id: "CNNVD-202211-1920", }, { db: "NVD", id: "CVE-2022-33870", }, { db: "NVD", id: "CVE-2022-33870", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing 
commands. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-33870", }, { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "VULHUB", id: "VHN-426021", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-33870", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-022817", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202211-1920", trust: 0.6, }, { db: "VULHUB", id: "VHN-426021", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-426021", }, { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "CNNVD", id: "CNNVD-202211-1920", }, { db: "NVD", id: "CVE-2022-33870", }, ], }, id: "VAR-202211-0092", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-426021", }, ], trust: 0.01, }, last_update_date: "2024-08-14T15:37:19.899000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-070", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-22-070", }, { title: "FortiTester Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=213134", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "CNNVD", id: "CNNVD-202211-1920", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-426021", }, { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "NVD", id: "CVE-2022-33870", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/psirt/fg-ir-22-070", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-33870", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-33870/", }, ], sources: [ { db: "VULHUB", id: "VHN-426021", }, { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "CNNVD", id: "CNNVD-202211-1920", }, { db: "NVD", id: "CVE-2022-33870", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-426021", }, { db: "JVNDB", id: "JVNDB-2022-022817", }, { db: "CNNVD", id: "CNNVD-202211-1920", }, { db: "NVD", id: "CVE-2022-33870", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-02T00:00:00", db: "VULHUB", id: "VHN-426021", }, { date: "2023-11-21T00:00:00", db: "JVNDB", id: "JVNDB-2022-022817", }, { date: "2022-11-02T00:00:00", db: "CNNVD", id: "CNNVD-202211-1920", }, { date: "2022-11-02T12:15:53.053000", db: "NVD", id: "CVE-2022-33870", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-04T00:00:00", db: "VULHUB", id: "VHN-426021", }, { date: "2023-11-21T01:44:00", db: "JVNDB", id: "JVNDB-2022-022817", }, { 
date: "2022-11-07T00:00:00", db: "CNNVD", id: "CNNVD-202211-1920", }, { date: "2022-11-04T13:42:49.823000", db: "NVD", id: "CVE-2022-33870", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202211-1920", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiTester In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-022817", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202211-1920", }, ], trust: 0.6, }, }
var-202009-0096
Vulnerability from variot
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script-related HTML tags via the Name parameter of Storage Connectors. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This product is mainly used to collect network log data, and to analyze, report, and archive the security events, network traffic, and web content in the logs through the report suite. Fortinet FortiAnalyzer has a security vulnerability, which stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to trigger cross-site scripting through the storage connector and run JavaScript code in the context of the website. Note that the affected-products list in the record below also names FortiTester (3.8.0, and 3.7.0 and earlier) although this description mentions only FortiAnalyzer; check vendor advisory FG-IR-20-054 for the authoritative scope.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0096", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.8.0", }, { model: "fortianalyzer", scope: "eq", trust: 1, vendor: "fortinet", version: "6.2.5", }, { model: "fortianalyzer", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.1", }, { model: "fortitester", 
scope: "lte", trust: 1, vendor: "fortinet", version: "3.7.0", }, { model: "fortianalyzer", scope: "eq", trust: 1, vendor: "fortinet", version: "6.4.0", }, ], sources: [ { db: "NVD", id: "CVE-2020-12817", }, ], }, cve: "CVE-2020-12817", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2020-12817", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-165533", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2020-12817", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-12817", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202009-1286", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-165533", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-165533", }, { db: "CNNVD", id: "CNNVD-202009-1286", }, { db: "NVD", id: "CVE-2020-12817", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. Fortinet FortiAnalyzer has a security vulnerability, which stems from the lack of correct validation of client data in WEB applications. 
An attacker could exploit this vulnerability to trigger cross-site scripting through the storage connector to run JavaScript code in the context of the website", sources: [ { db: "NVD", id: "CVE-2020-12817", }, { db: "VULHUB", id: "VHN-165533", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-12817", trust: 1.7, }, { db: "AUSCERT", id: "ESB-2020.3228", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202009-1286", trust: 0.6, }, { db: "CNVD", id: "CNVD-2020-53812", trust: 0.1, }, { db: "VULHUB", id: "VHN-165533", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-165533", }, { db: "CNNVD", id: "CNNVD-202009-1286", }, { db: "NVD", id: "CVE-2020-12817", }, ], }, id: "VAR-202009-0096", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-165533", }, ], trust: 0.01, }, last_update_date: "2024-11-23T22:11:24.066000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Fortinet FortiAnalyzer Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129722", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202009-1286", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.1, }, { problemtype: "CWE-74", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-165533", }, { db: 
"NVD", id: "CVE-2020-12817", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-20-054", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/fortinet-fortianalyzer-cross-site-scripting-via-storage-connectors-33381", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3228/", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12817", }, ], sources: [ { db: "VULHUB", id: "VHN-165533", }, { db: "CNNVD", id: "CNNVD-202009-1286", }, { db: "NVD", id: "CVE-2020-12817", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-165533", }, { db: "CNNVD", id: "CNNVD-202009-1286", }, { db: "NVD", id: "CVE-2020-12817", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-24T00:00:00", db: "VULHUB", id: "VHN-165533", }, { date: "2020-09-22T00:00:00", db: "CNNVD", id: "CNNVD-202009-1286", }, { date: "2020-09-24T15:15:13.173000", db: "NVD", id: "CVE-2020-12817", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-21T00:00:00", db: "VULHUB", id: "VHN-165533", }, { date: "2020-10-22T00:00:00", db: "CNNVD", id: "CNNVD-202009-1286", }, { date: "2024-11-21T05:00:20.053000", db: "NVD", id: "CVE-2020-12817", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202009-1286", }, ], 
trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Fortinet FortiAnalyzer Injection vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202009-1286", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-202009-1286", }, ], trust: 0.6, }, }
var-202301-0175
Vulnerability from variot
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. FortiTester contains an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The record below carries two CVSS 3.1 assessments for CVE-2022-35845: NVD scores it 8.8 with a network attack vector, while Fortinet PSIRT (advisory FG-IR-22-274) scores it 7.8 with a local attack vector.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0175", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "7.1.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "2.3.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.2.0", }, { model: 
"fortitester", scope: "lte", trust: 1, vendor: "fortinet", version: "3.9.1", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.1.1", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "4.1.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0 to 4.2.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.1.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "2.3.0 to 3.9.1", }, { model: "fortitester", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "NVD", id: "CVE-2022-35845", }, ], }, cve: "CVE-2022-35845", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-35845", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", 
scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "psirt@fortinet.com", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2022-35845", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-35845", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-35845", trust: 1, value: "HIGH", }, { author: "psirt@fortinet.com", id: "CVE-2022-35845", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-35845", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202301-133", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "CNNVD", id: "CNNVD-202301-133", }, { db: "NVD", id: "CVE-2022-35845", }, { db: "NVD", id: "CVE-2022-35845", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. 
FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-35845", }, { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "VULHUB", id: "VHN-432096", }, { db: "VULMON", id: "CVE-2022-35845", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-35845", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2023-001490", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2023.0069", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202301-133", trust: 0.6, }, { db: "VULHUB", id: "VHN-432096", trust: 0.1, }, { db: "VULMON", id: "CVE-2022-35845", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-432096", }, { db: "VULMON", id: "CVE-2022-35845", }, { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "CNNVD", id: "CNNVD-202301-133", }, { db: "NVD", id: "CVE-2022-35845", }, ], }, id: "VAR-202301-0175", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-432096", }, ], trust: 0.01, }, last_update_date: "2024-08-14T13:42:09.251000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-274", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-22-274", }, { title: "FortiTester Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=220849", }, { title: "Fortinet Security Advisories: FortiTester - 
Multiple command injection vulnerabilities in GUI and API", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-22-274", }, { title: "", trust: 0.1, url: "https://github.com/Live-Hack-CVE/CVE-2022-35845 ", }, ], sources: [ { db: "VULMON", id: "CVE-2022-35845", }, { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "CNNVD", id: "CNNVD-202301-133", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "OS Command injection (CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-432096", }, { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "NVD", id: "CVE-2022-35845", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://fortiguard.com/psirt/fg-ir-22-274", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-35845", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.0069", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-35845/", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2022-35845", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-432096", }, { db: "VULMON", id: "CVE-2022-35845", }, { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "CNNVD", id: "CNNVD-202301-133", }, { db: "NVD", id: "CVE-2022-35845", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-432096", }, { db: "VULMON", id: "CVE-2022-35845", }, { db: "JVNDB", id: "JVNDB-2023-001490", }, { db: "CNNVD", id: 
"CNNVD-202301-133", }, { db: "NVD", id: "CVE-2022-35845", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-03T00:00:00", db: "VULHUB", id: "VHN-432096", }, { date: "2023-01-03T00:00:00", db: "VULMON", id: "CVE-2022-35845", }, { date: "2023-04-11T00:00:00", db: "JVNDB", id: "JVNDB-2023-001490", }, { date: "2023-01-03T00:00:00", db: "CNNVD", id: "CNNVD-202301-133", }, { date: "2023-01-03T17:15:10.327000", db: "NVD", id: "CVE-2022-35845", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-10T00:00:00", db: "VULHUB", id: "VHN-432096", }, { date: "2023-01-04T00:00:00", db: "VULMON", id: "CVE-2022-35845", }, { date: "2023-04-11T08:46:00", db: "JVNDB", id: "JVNDB-2023-001490", }, { date: "2023-01-11T00:00:00", db: "CNNVD", id: "CNNVD-202301-133", }, { date: "2023-11-07T03:49:25.400000", db: "NVD", id: "CVE-2022-35845", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202301-133", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "FortiTester In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2023-001490", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202301-133", }, ], trust: 0.6, }, }
var-202211-0213
Vulnerability from variot
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. Fortinet's FortiTester contains an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0213", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "7.1.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "2.3.0", }, { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: 
"fortitester", scope: "lte", trust: 1, vendor: "fortinet", version: "3.9.1", }, { model: "fortitester", scope: "lte", trust: 1, vendor: "fortinet", version: "4.2.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "2.3.0 to 3.9.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.1.0", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0 to 4.2.0", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "NVD", id: "CVE-2022-38372", }, ], }, cve: "CVE-2022-38372", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, id: "CVE-2022-38372", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 6.7, baseSeverity: 
"Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-38372", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-38372", trust: 1, value: "MEDIUM", }, { author: "psirt@fortinet.com", id: "CVE-2022-38372", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2022-38372", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202211-1916", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "CNNVD", id: "CNNVD-202211-1916", }, { db: "NVD", id: "CVE-2022-38372", }, { db: "NVD", id: "CVE-2022-38372", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. fortinet's FortiTester Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-38372", }, { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "VULHUB", id: "VHN-434166", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-38372", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-022809", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202211-1916", trust: 0.6, }, { db: "VULHUB", id: "VHN-434166", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-434166", }, { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "CNNVD", id: "CNNVD-202211-1916", }, { db: "NVD", id: "CVE-2022-38372", }, ], }, id: "VAR-202211-0213", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-434166", }, ], trust: 0.01, }, last_update_date: "2024-08-14T15:11:12.988000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-283", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-22-283", }, { title: "FortiTester Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=213133", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "CNNVD", id: "CNNVD-202211-1916", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "others (CWE-Other) [NVD evaluation ]", trust: 0.8, }, 
], sources: [ { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "NVD", id: "CVE-2022-38372", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/psirt/fg-ir-22-283", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-38372", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-38372/", }, ], sources: [ { db: "VULHUB", id: "VHN-434166", }, { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "CNNVD", id: "CNNVD-202211-1916", }, { db: "NVD", id: "CVE-2022-38372", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-434166", }, { db: "JVNDB", id: "JVNDB-2022-022809", }, { db: "CNNVD", id: "CNNVD-202211-1916", }, { db: "NVD", id: "CVE-2022-38372", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-02T00:00:00", db: "VULHUB", id: "VHN-434166", }, { date: "2023-11-21T00:00:00", db: "JVNDB", id: "JVNDB-2022-022809", }, { date: "2022-11-02T00:00:00", db: "CNNVD", id: "CNNVD-202211-1916", }, { date: "2022-11-02T12:15:53.800000", db: "NVD", id: "CVE-2022-38372", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-04T00:00:00", db: "VULHUB", id: "VHN-434166", }, { date: "2023-11-21T01:15:00", db: "JVNDB", id: "JVNDB-2022-022809", }, { date: "2022-11-07T00:00:00", db: "CNNVD", id: "CNNVD-202211-1916", }, { date: "2022-11-04T03:26:28.770000", db: "NVD", id: "CVE-2022-38372", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202211-1916", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiTester Vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2022-022809", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202211-1916", }, ], trust: 0.6, }, }
var-202009-0094
Vulnerability from variot
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. FortiTester contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0094", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "eq", trust: 1, vendor: "fortinet", version: "3.8.0", }, { model: "fortianalyzer", scope: "lte", trust: 1, vendor: "fortinet", version: "6.4.1", }, { model: "fortitester", scope: "lte", trust: 1, vendor: "fortinet", version: "3.7.0", }, { model: 
"fortianalyzer", scope: "lte", trust: 1, vendor: "fortinet", version: "6.2.5", }, { model: "fortianalyzer", scope: "gte", trust: 1, vendor: "fortinet", version: "6.4.0", }, { model: "fortitester", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortianalyzer", scope: null, trust: 0.8, vendor: "フォーティネット", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "NVD", id: "CVE-2020-12815", }, ], }, cve: "CVE-2020-12815", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2020-12815", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 1.8, vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "VHN-165531", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.1, vectorString: "AV:N/AC:M/AU:S/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 
5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.3, id: "CVE-2020-12815", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.4, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2020-12815", impactScore: null, integrityImpact: "Low", privilegesRequired: "Low", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-12815", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2020-12815", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202009-1287", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-165531", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-165531", }, { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "CNNVD", id: "CNNVD-202009-1287", }, { db: "NVD", id: "CVE-2020-12815", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. 
FortiTester Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with", sources: [ { db: "NVD", id: "CVE-2020-12815", }, { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "VULHUB", id: "VHN-165531", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-12815", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2020-011846", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2020.3228", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202009-1287", trust: 0.6, }, { db: "VULHUB", id: "VHN-165531", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-165531", }, { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "CNNVD", id: "CNNVD-202009-1287", }, { db: "NVD", id: "CVE-2020-12815", }, ], }, id: "VAR-202009-0094", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-165531", }, ], trust: 0.01, }, last_update_date: "2024-11-23T22:11:24.086000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-20-054", trust: 0.8, url: "https://www.fortiguard.com/psirt/FG-IR-20-054", }, { title: "Fortinet FortiAnalyzer Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129723", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "CNNVD", id: "CNNVD-202009-1287", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.1, }, { problemtype: "Cross-site scripting (CWE-79) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-165531", }, { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "NVD", id: "CVE-2020-12815", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/advisory/fg-ir-20-054", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12815", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/fortinet-fortianalyzer-cross-site-scripting-via-storage-connectors-33381", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3228/", }, ], sources: [ { db: "VULHUB", id: "VHN-165531", }, { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "CNNVD", id: "CNNVD-202009-1287", }, { db: "NVD", id: "CVE-2020-12815", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-165531", }, { db: "JVNDB", id: "JVNDB-2020-011846", }, { db: "CNNVD", id: "CNNVD-202009-1287", }, { db: "NVD", id: "CVE-2020-12815", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-24T00:00:00", db: "VULHUB", id: "VHN-165531", }, { date: "2021-04-15T00:00:00", db: "JVNDB", id: "JVNDB-2020-011846", }, { date: "2020-09-22T00:00:00", db: "CNNVD", id: "CNNVD-202009-1287", }, { date: "2020-09-24T18:15:16.963000", db: "NVD", id: "CVE-2020-12815", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-06T00:00:00", db: "VULHUB", 
id: "VHN-165531", }, { date: "2021-04-15T09:09:00", db: "JVNDB", id: "JVNDB-2020-011846", }, { date: "2020-10-22T00:00:00", db: "CNNVD", id: "CNNVD-202009-1287", }, { date: "2024-11-21T05:00:19.800000", db: "NVD", id: "CVE-2020-12815", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202009-1287", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "FortiTester Cross-site Scripting Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2020-011846", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202009-1287", }, ], trust: 0.6, }, }
var-202210-1266
Vulnerability from variot
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell. Fortinet's FortiTester contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted, leaving the device in a denial-of-service (DoS) state.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1266", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "7.0.0", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "2.3.0", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "3.9.2", }, { model: "fortitester", scope: "gte", trust: 1, vendor: "fortinet", version: "4.0.0", }, { model: 
"fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "7.1.1", }, { model: "fortitester", scope: "lt", trust: 1, vendor: "fortinet", version: "4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: null, }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "4.0.0 that's all 4.2.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "7.0.0 that's all 7.1.1", }, { model: "fortitester", scope: "eq", trust: 0.8, vendor: "フォーティネット", version: "2.3.0 that's all 3.9.2", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "NVD", id: "CVE-2022-33872", }, ], }, cve: "CVE-2022-33872", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2022-33872", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", 
exploitabilityScore: null, id: "CVE-2022-33872", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2022-33872", trust: 1, value: "CRITICAL", }, { author: "psirt@fortinet.com", id: "CVE-2022-33872", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2022-33872", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-202210-1202", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "CNNVD", id: "CNNVD-202210-1202", }, { db: "NVD", id: "CVE-2022-33872", }, { db: "NVD", id: "CVE-2022-33872", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-33872", }, { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "VULHUB", id: "VHN-426023", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-33872", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2022-019311", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202210-1202", trust: 0.6, }, { db: "VULHUB", id: "VHN-426023", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-426023", }, { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "CNNVD", id: "CNNVD-202210-1202", }, { db: "NVD", id: "CVE-2022-33872", }, ], }, id: "VAR-202210-1266", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-426023", }, ], trust: 0.01, }, last_update_date: "2024-08-14T14:02:19.270000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "FG-IR-22-237", trust: 0.8, url: "https://fortiguard.com/psirt/FG-IR-22-237", }, { title: "FortiTester Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=211663", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "CNNVD", id: "CNNVD-202210-1202", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.1, }, { problemtype: "OS Command injection 
(CWE-78) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-426023", }, { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "NVD", id: "CVE-2022-33872", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://fortiguard.com/psirt/fg-ir-22-237", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-33872", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-33872/", }, ], sources: [ { db: "VULHUB", id: "VHN-426023", }, { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "CNNVD", id: "CNNVD-202210-1202", }, { db: "NVD", id: "CVE-2022-33872", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-426023", }, { db: "JVNDB", id: "JVNDB-2022-019311", }, { db: "CNNVD", id: "CNNVD-202210-1202", }, { db: "NVD", id: "CVE-2022-33872", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-18T00:00:00", db: "VULHUB", id: "VHN-426023", }, { date: "2023-10-25T00:00:00", db: "JVNDB", id: "JVNDB-2022-019311", }, { date: "2022-10-18T00:00:00", db: "CNNVD", id: "CNNVD-202210-1202", }, { date: "2022-10-18T15:15:09.687000", db: "NVD", id: "CVE-2022-33872", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-10-21T00:00:00", db: "VULHUB", id: "VHN-426023", }, { date: "2023-10-25T05:39:00", db: "JVNDB", id: "JVNDB-2022-019311", }, { date: "2022-10-24T00:00:00", db: "CNNVD", id: "CNNVD-202210-1202", }, { date: "2022-10-21T13:00:32.270000", db: "NVD", id: "CVE-2022-33872", }, ], }, threat_type: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202210-1202", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "fortinet's FortiTester In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-019311", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202210-1202", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
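8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD primary score; the CNA, psirt@fortinet.com, scores this 7.8 High with CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)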
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-274 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-274 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * | |
fortinet | fortitester | 4.0.0 | |
fortinet | fortitester | 4.1.0 | |
fortinet | fortitester | 4.1.1 | |
fortinet | fortitester | 4.2.0 | |
fortinet | fortitester | 7.0.0 | |
fortinet | fortitester | 7.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "00C0E7B6-1837-4D91-A582-95455D0AA092", versionEndIncluding: "3.9.1", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23A3ABD7-9694-4784-9CD4-E8A1FA715682", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E79982C9-CB89-41B9-A294-B9830897304A", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7BB327AD-00E1-4397-B992-E182785E8ECC", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E47F051E-5D15-456D-9C0D-1AE6FF347155", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "90D54E79-62C6-427F-9DD1-B3A99944E418", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "48797E89-FD8C-4904-9A8B-55F8D3840DB2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.", }, { lang: "es", value: "Múltiples vulnerabilidades de neutralización incorrecta de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') [CWE-78] en FortiTester 7.1.0, 7.0 todas las versiones, 4.0.0 a 4.2.0, 2.3.0 a 3.9.1 pueden permitir que un atacante autenticado ejecute comandos arbitrarios en el shell subyacente.", }, ], id: "CVE-2022-35845", lastModified: "2024-11-21T07:11:48.527", metrics: { cvssMetricV31: [ { cvssData: 
{ attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-03T17:15:10.327", references: [ { source: "psirt@fortinet.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-274", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@fortinet.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
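7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD primary score; the CNA, psirt@fortinet.com, scores this 6.7 Medium with CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)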
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-247 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-247 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * | |
fortinet | fortitester | * | |
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "0A56D42B-F3B0-419F-8F1B-2826E28436BD", versionEndExcluding: "3.9.2", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "FE2EA412-DFA8-4EA8-80B1-081B994AFEDC", versionEndExcluding: "4.2.1", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "B708B54C-64C3-4793-8F81-896CFCA2AFF9", versionEndExcluding: "7.1.1", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.", }, { lang: "es", value: "Una neutralización inapropiada de los elementos especiales usados en una vulnerabilidad de comandos del Sistema Operativo [CWE-78] en la interfaz de administración de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante autenticado ejecutar comandos no autorizados por medio de argumentos específicamente diseñados para los comandos de la funcionalidad certificate import", }, ], id: "CVE-2022-35844", lastModified: "2024-11-21T07:11:48.393", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, 
exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-18T14:15:09.590", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-247", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-247", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-283 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-283 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * | |
fortinet | fortitester | * | |
fortinet | fortitester | 7.0.0 | |
fortinet | fortitester | 7.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "00C0E7B6-1837-4D91-A582-95455D0AA092", versionEndIncluding: "3.9.1", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "C3B44324-2384-4801-98B1-A2B4712AAF4C", versionEndIncluding: "4.2.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "90D54E79-62C6-427F-9DD1-B3A99944E418", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "48797E89-FD8C-4904-9A8B-55F8D3840DB2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.", }, { lang: "es", value: "Una vulnerabilidad de funcionalidad oculta [CWE-1242] en FortiTester CLI 2.3.0 a 3.9.1, 4.0.0 a 4.2.0, 7.0.0 a 7.1.0 puede permitir que un usuario local privilegiado obtenga un shell root en el dispositivo a través de un comando indocumentado.", }, ], id: "CVE-2022-38372", lastModified: "2024-11-21T07:16:20.600", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", 
confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-02T12:15:53.800", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-283", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
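9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD primary score; the CNA, psirt@fortinet.com, scores this 6.8 Medium with CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, i.e. a physical rather than network attack vector for the console login components)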
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-237 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-237 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * | |
fortinet | fortitester | * | |
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "0A56D42B-F3B0-419F-8F1B-2826E28436BD", versionEndExcluding: "3.9.2", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "FE2EA412-DFA8-4EA8-80B1-081B994AFEDC", versionEndExcluding: "4.2.1", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "B708B54C-64C3-4793-8F81-896CFCA2AFF9", versionEndExcluding: "7.1.1", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.", }, { lang: "es", value: "Unas vulnerabilidades de neutralización inapropiada de los elementos especiales usados en un comando del Sistema Operativo (\"Inyección de Comandos del Sistema Operativo\") [CWE-78] en los componentes de inicio de sesión de la consola de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante no autenticado ejecutar un comando arbitrario en el shell subyacente", }, ], id: "CVE-2022-33873", lastModified: "2024-11-21T07:08:30.127", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: 
"psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-18T15:15:09.743", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
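6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD score; the CNA, psirt@fortinet.com, scores this 4.7 Medium with CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)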
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-21-254 | Broken Link |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortiadc | * | |
fortinet | fortiauthenticator | * | |
fortinet | fortiauthenticator | * | |
fortinet | fortiddos | * | |
fortinet | fortiddos-f | * | |
fortinet | fortimail | * | |
fortinet | fortindr | * | |
fortinet | fortindr | 7.2.0 | |
fortinet | fortiproxy | * | |
fortinet | fortiproxy | * | |
fortinet | fortirecorder | * | |
fortinet | fortirecorder | * | |
fortinet | fortisoar | * | |
fortinet | fortitester | * | |
fortinet | fortivoice | * | |
fortinet | fortiwlc | * | |
fortinet | fortios | * | |
fortinet | fortios | * | |
fortinet | fortiswitch | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", matchCriteriaId: "B7685DE5-EEF4-4EFF-9EE0-1ABC59A46B91", versionEndExcluding: "6.2.4", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", matchCriteriaId: "959F9558-9C68-4046-AF5F-C543C9B5C3DE", versionEndExcluding: "6.3.4", versionStartIncluding: "6.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F857C3-0369-45CD-8745-FC6086A6B401", versionEndExcluding: "6.4.2", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*", matchCriteriaId: "5C2587E4-5D24-4C81-AD13-B3205FA07D14", versionEndExcluding: "5.5.2", versionStartIncluding: "5.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", matchCriteriaId: "999EDF79-3052-4A4E-9B71-B0FEDEBFE33E", versionEndExcluding: "6.3.4", versionStartIncluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", matchCriteriaId: "9E3E1107-F78C-41B7-A8D4-E984EF551B1B", versionEndExcluding: "7.0.4", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", matchCriteriaId: "2798BBCF-0867-4C5B-9F28-6CD9846DAD7E", versionEndExcluding: "7.1.1", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "06DD8B01-B4BC-432D-9045-40AD6DA84CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "C4BF015A-6391-40D1-9FC4-C73110A2D52E", versionEndExcluding: "7.0.5", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "CF9591AF-D4A5-44F6-8535-1D166646E118", versionEndExcluding: "7.4.0", versionStartIncluding: "7.2.0", vulnerable: 
true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "0A7151C5-DB42-4F91-B84C-CDA9CEF73A23", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", matchCriteriaId: "2DDA9A48-7687-40A3-A14F-5EB89A20A386", versionEndExcluding: "6.4.3", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", matchCriteriaId: "B72000EC-F0D5-4100-B0DB-7405EDE32C76", versionEndExcluding: "7.3.0", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "C8838FC8-770F-41ED-8F25-8E2953258677", versionEndExcluding: "7.2.2", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", matchCriteriaId: "C97B8181-C602-4E70-B3EA-CBE1FA62A220", versionEndExcluding: "6.4.9", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiwlc:*:*:*:*:*:*:*:*", matchCriteriaId: "C68A52C3-281D-4B4E-B0AA-0162D846BBB2", versionEndExcluding: "8.6.7", versionStartIncluding: "8.6.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "00C9C02B-E40F-4536-BC74-A7DA84E4B845", versionEndExcluding: "7.0.6", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "4562BDF7-D894-4CD8-95AC-9409FDEBE73F", versionEndExcluding: "7.2.5", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "FF5E55C0-C600-4234-AA0C-21259AA6D97F", versionEndExcluding: "7.0.5", versionStartIncluding: "6.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A externally controlled reference to a resource in another sphere in Fortinet 
FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3, FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver", }, { lang: "es", value: "Una referencia controlada externamente a un recurso en otra esfera en Fortinet FortiManager anterior a la versión 7.4.3, FortiMail anterior a la versión 7.0.3, FortiAnalyzer anterior a la versión 7.4.3, FortiVoice versión 7.0.0, 7.0.1 y anterior a 6.4.8, FortiProxy anterior a la versión 7.0.4, FortiRecorder versión 6.4.0 a 6.4.2 y anterior a 6.0.10, FortiAuthenticator versión 6.4.0 a 6.4.1 y anterior a 6.3.3, FortiNDR versión 7.2.0 anterior a 7.1.0, FortiWLC anterior a la versión 8.6.4, FortiPortal anterior a la versión 6.0.9, FortiOS versión 7.2.0 y anterior a 7.0.5, FortiADC versión 7.0.0 a 7.0.1 y anterior 6.2.3, FortiDDoS anterior a la versión 5.5.1, FortiDDoS-F anterior a la versión 6.3.3, FortiTester anterior a la versión 7.2.1, FortiSOAR anterior a la versión 7.2.2 y FortiSwitch anterior a la versión 6.3.3 permiten a los atacantes envenenar cachés web a través de solicitudes HTTP manipuladas, donde el encabezado `Host` apunta a un servidor web arbitrario.", }, ], id: "CVE-2022-23439", lastModified: "2025-02-12T13:39:42.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", 
baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 2.7, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-01-22T10:15:07.737", references: [ { source: "psirt@fortinet.com", tags: [ "Broken Link", ], url: "https://fortiguard.com/psirt/FG-IR-21-254", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-610", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-245 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-245 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "2EEDB613-6C76-4B86-AA8A-4C72C97AF1B7", versionEndIncluding: "7.2.3", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.", }, { lang: "es", value: "Un uso de la vulnerabilidad de credenciales codificadas [CWE-798] en FortiTester 2.3.0 a 7.2.3 puede permitir que un atacante que logró obtener un shell en el dispositivo acceda a la base de datos mediante comandos de shell.", }, ], id: "CVE-2023-40717", lastModified: "2024-11-21T08:20:01.307", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.4, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-13T13:15:09.507", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-245", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", 
], url: "https://fortiguard.com/psirt/FG-IR-22-245", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "psirt@fortinet.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-465 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-465 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "2EEDB613-6C76-4B86-AA8A-4C72C97AF1B7", versionEndIncluding: "7.2.3", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.", }, { lang: "es", value: "Una vulnerabilidad de almacenamiento de texto sin cifrar de información sensible [CWE-312] en FortiTester 2.3.0 a 7.2.3 puede permitir que un atacante con acceso al contenido de la base de datos recupere la contraseña de texto plano de servidores externos configurados en el dispositivo.", }, ], id: "CVE-2023-40715", lastModified: "2024-11-21T08:20:01.023", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-13T13:15:09.320", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: 
"https://fortiguard.com/psirt/FG-IR-22-465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-465", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "psirt@fortinet.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-244 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-244 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * | |
fortinet | fortitester | * | |
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "0A56D42B-F3B0-419F-8F1B-2826E28436BD", versionEndExcluding: "3.9.2", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "FE2EA412-DFA8-4EA8-80B1-081B994AFEDC", versionEndExcluding: "4.2.1", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "B708B54C-64C3-4793-8F81-896CFCA2AFF9", versionEndExcluding: "7.1.1", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.", }, { lang: "es", value: "Una vulnerabilidad de restricción inapropiada de intentos de autenticación excesivos [CWE-307] en el puerto Telnet de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante no autenticado adivinar las credenciales de un usuario administrador por medio de un ataque de fuerza bruta", }, ], id: "CVE-2022-35846", lastModified: "2024-11-21T07:11:48.667", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-18T14:15:09.663", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-244", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-244", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-307", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-501 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-501 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "5979284B-65DC-442A-9738-4347B2449338", versionEndIncluding: "7.2.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.", }, { lang: "es", value: "Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en la interfaz de administración de FortiTester 3.0.0 a 7.2.3 puede permitir que un atacante autenticado ejecute comandos no autorizados a través de argumentos manipulados para comandos existentes.", }, ], id: "CVE-2023-36642", lastModified: "2024-11-21T08:10:09.817", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-13T13:15:09.127", references: [ { 
source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-501", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@fortinet.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-20-054 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-20-054 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortianalyzer | 6.2.5 | |
fortinet | fortianalyzer | 6.4.0 | |
fortinet | fortianalyzer | 6.4.1 | |
fortinet | fortitester | * | |
fortinet | fortitester | 3.8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", matchCriteriaId: "33BBFA56-466B-471F-AA74-0D8339CD2D6E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DA60D965-6F24-47E6-A62C-C147D51502A8", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F00DF5B2-FA3D-478B-834D-9A64194215CA", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "888CBB49-6E71-496E-AC1E-02A55F8E796A", versionEndIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "83A5237C-C126-4AEA-8CE8-DEC82DDEC69D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.", }, { lang: "es", value: "Una vulnerabilidad de neutralización inapropiada de la entrada en FortiAnalyzer versiones anteriores a 6.4.1 y 6.2.5, puede permitir a un atacante autenticado remoto inyectar etiquetas HTML relacionadas con script por medio del parámetro Name de Conectores de Almacenamiento.", }, ], id: "CVE-2020-12817", lastModified: "2024-11-21T05:00:20.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", 
userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-24T15:15:13.173", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-237 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-237 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * | |
fortinet | fortitester | * | |
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "0A56D42B-F3B0-419F-8F1B-2826E28436BD", versionEndExcluding: "3.9.2", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "FE2EA412-DFA8-4EA8-80B1-081B994AFEDC", versionEndExcluding: "4.2.1", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "B708B54C-64C3-4793-8F81-896CFCA2AFF9", versionEndExcluding: "7.1.1", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.", }, { lang: "es", value: "Unas vulnerabilidades de neutralización inapropiada de los elementos especiales usados en un comando del Sistema Operativo (\"Inyección de Comandos del Sistema Operativo\") [CWE-78] en los componentes de inicio de sesión SSH de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante remoto no autenticado ejecutar un comando arbitrario en el shell subyacente", }, ], id: "CVE-2022-33874", lastModified: "2024-11-21T07:08:30.257", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, 
source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-18T15:15:09.800", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-237 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-237 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | * | |
fortinet | fortitester | * | |
fortinet | fortitester | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "0A56D42B-F3B0-419F-8F1B-2826E28436BD", versionEndExcluding: "3.9.2", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "FE2EA412-DFA8-4EA8-80B1-081B994AFEDC", versionEndExcluding: "4.2.1", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "B708B54C-64C3-4793-8F81-896CFCA2AFF9", versionEndExcluding: "7.1.1", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.", }, { lang: "es", value: "Unas vulnerabilidades de neutralización inapropiada de los elementos especiales usados en un Comando del Sistema Operativo (\"Inyección de Comandos del Sistema Operativo\") [CWE-78] en los componentes de inicio de sesión de Telnet de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante remoto no autenticado ejecutar un comando arbitrario en el shell subyacente", }, ], id: "CVE-2022-33872", lastModified: "2024-11-21T07:08:29.983", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 
5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-18T15:15:09.687", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-345 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-345 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | 2.3.0 | |
fortinet | fortitester | 2.4.0 | |
fortinet | fortitester | 2.4.1 | |
fortinet | fortitester | 2.5.0 | |
fortinet | fortitester | 2.6.0 | |
fortinet | fortitester | 2.7.0 | |
fortinet | fortitester | 2.8.0 | |
fortinet | fortitester | 2.9.0 | |
fortinet | fortitester | 3.0.0 | |
fortinet | fortitester | 3.1.0 | |
fortinet | fortitester | 3.2.0 | |
fortinet | fortitester | 3.3.0 | |
fortinet | fortitester | 3.3.1 | |
fortinet | fortitester | 3.4.0 | |
fortinet | fortitester | 3.5.0 | |
fortinet | fortitester | 3.5.1 | |
fortinet | fortitester | 3.6.0 | |
fortinet | fortitester | 3.7.0 | |
fortinet | fortitester | 3.7.1 | |
fortinet | fortitester | 3.8.0 | |
fortinet | fortitester | 3.9.0 | |
fortinet | fortitester | 3.9.1 | |
fortinet | fortitester | 3.9.2 | |
fortinet | fortitester | 4.0.0 | |
fortinet | fortitester | 4.1.0 | |
fortinet | fortitester | 4.1.1 | |
fortinet | fortitester | 4.2.0 | |
fortinet | fortitester | 4.2.1 | |
fortinet | fortitester | 7.0.0 | |
fortinet | fortitester | 7.1.0 | |
fortinet | fortitester | 7.1.1 | |
fortinet | fortitester | 7.2.0 | |
fortinet | fortitester | 7.2.1 | |
fortinet | fortitester | 7.2.2 | |
fortinet | fortitester | 7.2.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "20DC6A76-A91E-49D8-AD5F-5A53E6FD56A9", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "835CFB56-B366-44F2-BC0D-797973E29341", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "05D6DD1E-24F5-49C4-9BAF-2E4FA682F41F", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "F1A59274-C7AE-456B-821A-4A41DAE51DEF", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "BF739FA1-C8A1-4CCD-BCA4-1A9ABD31D926", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "71DF1A6A-B574-48E7-9337-A986EAD45441", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "5B23B49A-6BEF-4662-A19A-AA53B6A61913", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:2.9.0:*:*:*:*:*:*:*", matchCriteriaId: "F632D17B-0864-4965-92CD-7B58CB88506C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "98433F67-056E-4371-B482-93A2EBF0C237", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D8609203-C2ED-4821-A836-E81479406B8C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3A0E475B-5CDF-40DB-A923-5DEB093D246E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E7C93812-ED30-40EC-81C2-159D2095A8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "61C7F802-1490-467A-B5B6-0B2AFD468439", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:*", matchCriteriaId: 
"75CB9729-BCDE-41F4-8684-01FF62794E13", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1ED9A5FF-B3A5-4DA8-AF7E-7B6C107A6C02", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A8CCDEF0-9026-4F67-95B1-07286EFBB370", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:*", matchCriteriaId: "1FC82DC7-5C3C-452A-BB1D-021D935851EA", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:*", matchCriteriaId: "49A75B9A-D1A1-4E6A-84C7-1701DE00C8A9", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:*", matchCriteriaId: "D2934396-D757-4079-A5D7-65133CF833DD", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "83A5237C-C126-4AEA-8CE8-DEC82DDEC69D", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:*", matchCriteriaId: "14C2E2DA-6CE2-4B5E-A6CB-029967EAAFA9", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:*", matchCriteriaId: "492036BF-130B-435B-9EDD-71732CD663A6", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.9.2:*:*:*:*:*:*:*", matchCriteriaId: "8AB540E8-5B68-4F20-970E-63B70FFA3C83", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23A3ABD7-9694-4784-9CD4-E8A1FA715682", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E79982C9-CB89-41B9-A294-B9830897304A", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7BB327AD-00E1-4397-B992-E182785E8ECC", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E47F051E-5D15-456D-9C0D-1AE6FF347155", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*", 
matchCriteriaId: "D32E37C0-6ABE-46D2-987B-EC5E7F6BEF75", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "90D54E79-62C6-427F-9DD1-B3A99944E418", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "48797E89-FD8C-4904-9A8B-55F8D3840DB2", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAFDB60-1FC7-42E7-854A-9FB24E652DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "786A513F-DAB0-4A19-91CA-8B30A8A507A2", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "5108EA9C-45A6-44A6-8A04-E46988AB31DE", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2EDD4D17-2884-446E-8857-BF059264997F", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "3820B2FC-A566-44C1-9F98-B282A960359E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .", }, { lang: "es", value: "Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en el intérprete de línea de comando de FortiTester 2.3.0 a 7.2.3 puede permitir que un atacante autenticado ejecute comandos no autorizados a través de argumentos específicamente manipulados al ejecutar ejecutar restauración/copia de seguridad.", }, ], id: "CVE-2023-40716", lastModified: "2024-11-21T08:20:01.163", metrics: { cvssMetricV31: [ { cvssData: { 
attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-13T07:15:14.223", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-345", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@fortinet.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-070 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-070 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortitester | 3.0.0 | |
fortinet | fortitester | 3.1.0 | |
fortinet | fortitester | 3.2.0 | |
fortinet | fortitester | 3.3.0 | |
fortinet | fortitester | 3.3.1 | |
fortinet | fortitester | 3.4.0 | |
fortinet | fortitester | 3.5.0 | |
fortinet | fortitester | 3.5.1 | |
fortinet | fortitester | 3.6.0 | |
fortinet | fortitester | 3.7.0 | |
fortinet | fortitester | 3.7.1 | |
fortinet | fortitester | 3.8.0 | |
fortinet | fortitester | 3.9.0 | |
fortinet | fortitester | 3.9.1 | |
fortinet | fortitester | 4.0.0 | |
fortinet | fortitester | 4.1.0 | |
fortinet | fortitester | 4.1.1 | |
fortinet | fortitester | 4.2.0 | |
fortinet | fortitester | 7.0.0 | |
fortinet | fortitester | 7.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortitester:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "98433F67-056E-4371-B482-93A2EBF0C237", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D8609203-C2ED-4821-A836-E81479406B8C", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3A0E475B-5CDF-40DB-A923-5DEB093D246E", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E7C93812-ED30-40EC-81C2-159D2095A8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "61C7F802-1490-467A-B5B6-0B2AFD468439", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:*", matchCriteriaId: "75CB9729-BCDE-41F4-8684-01FF62794E13", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1ED9A5FF-B3A5-4DA8-AF7E-7B6C107A6C02", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A8CCDEF0-9026-4F67-95B1-07286EFBB370", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:*", matchCriteriaId: "1FC82DC7-5C3C-452A-BB1D-021D935851EA", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:*", matchCriteriaId: "49A75B9A-D1A1-4E6A-84C7-1701DE00C8A9", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:*", matchCriteriaId: "D2934396-D757-4079-A5D7-65133CF833DD", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "83A5237C-C126-4AEA-8CE8-DEC82DDEC69D", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:*", matchCriteriaId: "14C2E2DA-6CE2-4B5E-A6CB-029967EAAFA9", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:*", matchCriteriaId: 
"492036BF-130B-435B-9EDD-71732CD663A6", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23A3ABD7-9694-4784-9CD4-E8A1FA715682", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E79982C9-CB89-41B9-A294-B9830897304A", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7BB327AD-00E1-4397-B992-E182785E8ECC", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E47F051E-5D15-456D-9C0D-1AE6FF347155", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "90D54E79-62C6-427F-9DD1-B3A99944E418", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "48797E89-FD8C-4904-9A8B-55F8D3840DB2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.", }, { lang: "es", value: "Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en el intérprete de línea de comando de FortiTester 3.0.0 a 3.9.1, 4.0.0 a 4.2.0, 7.0.0 a 7.1.0 puede permitir una atacante autenticado ejecute comandos no autorizados a través de argumentos específicamente manipulados para comandos existentes.", }, ], id: "CVE-2022-33870", lastModified: "2024-11-21T07:08:29.703", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: 
"HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-02T12:15:53.053", references: [ { source: "psirt@fortinet.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-070", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-20-054 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-20-054 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
fortinet | fortianalyzer | * | |
fortinet | fortianalyzer | * | |
fortinet | fortitester | * | |
fortinet | fortitester | 3.8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "BA74C62F-DE6E-4BDE-AB69-DD10A70AE5B0", versionEndIncluding: "6.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "06765221-336D-4F14-ACB2-DEAD02A8588B", versionEndIncluding: "6.4.1", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", matchCriteriaId: "888CBB49-6E71-496E-AC1E-02A55F8E796A", versionEndIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*", matchCriteriaId: "83A5237C-C126-4AEA-8CE8-DEC82DDEC69D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.", }, { lang: "es", value: "Una vulnerabilidad de neutralización inapropiada de la entrada en FortiTester versiones anteriores a 3.9.0, puede permitir a un atacante autenticado remoto inyectar etiquetas HTML relacionadas con el script mediante campos de dirección IPv4/IPv6.", }, ], id: "CVE-2020-12815", lastModified: "2024-11-21T05:00:19.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: 
"NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-24T18:15:16.963", references: [ { source: "psirt@fortinet.com", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2022-33870
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiTester | Version: FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:09:22.663Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-070", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-33870", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:12:14.340279Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:27:09.218Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "PROOF_OF_CONCEPT", integrityImpact: "HIGH", privilegesRequired: "LOW", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.4, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2022-11-02T00:00:00", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { url: "https://fortiguard.com/psirt/FG-IR-22-070", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-33870", datePublished: "2022-11-02T00:00:00", dateReserved: "2022-06-16T00:00:00", dateUpdated: "2024-10-25T13:27:09.218Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40715
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiTester | Version: 7.2.0 ≤ 7.2.3 Version: 7.1.0 ≤ 7.1.1 Version: 7.0.0 Version: 4.2.0 ≤ 4.2.1 Version: 4.1.0 ≤ 4.1.1 Version: 4.0.0 Version: 3.9.0 ≤ 3.9.2 Version: 3.8.0 Version: 3.7.0 ≤ 3.7.1 Version: 3.6.0 Version: 3.5.0 ≤ 3.5.1 Version: 3.4.0 Version: 3.3.0 ≤ 3.3.1 Version: 3.2.0 Version: 3.1.0 Version: 3.0.0 Version: 2.9.0 Version: 2.8.0 Version: 2.7.0 Version: 2.6.0 Version: 2.5.0 Version: 2.4.0 ≤ 2.4.1 Version: 2.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.090Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-465", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-465", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40715", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T19:40:05.656073Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T19:56:35.906Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, { status: "affected", version: "3.2.0", }, { status: "affected", version: "3.1.0", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: 
"2.9.0", }, { status: "affected", version: "2.8.0", }, { status: "affected", version: "2.7.0", }, { status: "affected", version: "2.6.0", }, { status: "affected", version: "2.5.0", }, { lessThanOrEqual: "2.4.1", status: "affected", version: "2.4.0", versionType: "semver", }, { status: "affected", version: "2.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-312", description: "Information disclosure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T12:29:50.478Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-465", url: "https://fortiguard.com/psirt/FG-IR-22-465", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiTester version 7.3.0 or above ", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-40715", datePublished: "2023-09-13T12:29:50.478Z", dateReserved: "2023-08-21T09:03:44.315Z", dateUpdated: "2024-09-24T19:56:35.906Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23439
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiTester | Version: 7.2.0 ≤ 7.2.1 Version: 7.1.0 ≤ 7.1.1 Version: 7.0.0 Version: 4.2.0 ≤ 4.2.1 Version: 4.1.0 ≤ 4.1.1 Version: 4.0.0 Version: 3.9.0 ≤ 3.9.2 Version: 3.8.0 Version: 3.7.0 ≤ 3.7.1 Version: 3.6.0 Version: 3.5.0 ≤ 3.5.1 Version: 3.4.0 Version: 3.3.0 ≤ 3.3.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-23439", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:21:27.552014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-22T14:21:36.714Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [], defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.1", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { lessThanOrEqual: "7.0.5", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.16", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.18", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThan: "6.4.*", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimail:7.2.*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiMail", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: 
"semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.9", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.12", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.12", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThan: "7.2.*", status: "affected", version: "7.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSwitch", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.10", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.8", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.7", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS-F", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.5", status: "affected", version: "6.1.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.4", 
status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.14", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiRecorder", vendor: "Fortinet", versions: [ { 
lessThanOrEqual: "6.4.2", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.10", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "2.7.7", status: "affected", version: "2.7.0", versionType: "semver", }, { lessThanOrEqual: "2.6.3", status: "affected", version: "2.6.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: "unaffected", product: "FortiNDR", vendor: "Fortinet", versions: [ { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.1.0", }, { lessThanOrEqual: "7.0.6", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "1.5.3", status: "affected", version: "1.5.0", versionType: "semver", }, { status: "affected", version: "1.4.0", }, { lessThanOrEqual: "1.3.1", status: "affected", version: "1.3.0", versionType: "semver", }, { status: "affected", version: "1.2.0", }, { status: "affected", version: "1.1.0", }, ], }, { cpes: [ "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*", 
"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiADC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.2.3", status: "affected", version: "6.2.0", versionType: "semver", 
}, { lessThanOrEqual: "6.1.6", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.4", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.4.5", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.7", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.8", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.7", status: "affected", version: "5.1.0", versionType: "semver", }, { lessThanOrEqual: "5.0.4", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiManager", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.3", 
status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortisoar:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisoar:6.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiSOAR", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.2", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.3", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.4", status: "affected", version: "6.4.3", versionType: "semver", }, { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiVoice", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.0.1", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.8", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.0.11", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiDDoS", vendor: "Fortinet", versions: [ { 
lessThanOrEqual: "5.5.1", status: "affected", version: "5.5.0", versionType: "semver", }, { lessThanOrEqual: "5.4.3", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.2", status: "affected", version: "5.3.0", versionType: "semver", }, { status: "affected", version: "5.2.0", }, { status: "affected", version: "5.1.0", }, { status: "affected", version: "5.0.0", }, { status: "affected", version: "4.7.0", }, { status: "affected", version: "4.6.0", }, { status: "affected", version: "4.5.0", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiWLC", vendor: "Fortinet", versions: [ { lessThanOrEqual: "8.6.7", status: "affected", version: "8.6.0", versionType: "semver", }, { lessThanOrEqual: "8.5.5", status: "affected", version: "8.5.0", versionType: "semver", }, { lessThanOrEqual: "8.4.8", status: "affected", version: 
"8.4.4", versionType: "semver", }, { lessThanOrEqual: "8.4.2", status: "affected", version: "8.4.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*", 
"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAnalyzer", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.4.2", status: "affected", version: "7.4.0", versionType: "semver", }, { lessThanOrEqual: "7.2.9", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.13", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.15", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.13", status: "affected", version: "6.2.0", versionType: "semver", }, ], }, { cpes: [], defaultStatus: 
"unaffected", product: "FortiPortal", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.0.9", status: "affected", version: "6.0.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "FortiAuthenticator", vendor: "Fortinet", versions: [ { lessThanOrEqual: "6.4.1", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.3.3", status: "affected", version: "6.3.0", versionType: "semver", }, { lessThanOrEqual: "6.2.2", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.1.3", status: "affected", version: "6.1.0", versionType: "semver", }, { lessThanOrEqual: "6.0.8", status: "affected", version: "6.0.0", versionType: "semver", }, { status: "affected", version: "5.5.0", }, { lessThanOrEqual: "5.4.1", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.3.1", status: "affected", version: "5.3.0", versionType: "semver", }, { lessThanOrEqual: "5.2.2", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.1.2", status: "affected", version: "5.1.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3 , FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before 
version 6.3.3 allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-610", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-22T09:10:28.669Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-21-254", url: "https://fortiguard.com/psirt/FG-IR-21-254", }, ], solutions: [ { lang: "en", value: "FortiOS\nAdministrative Interface\nPlease upgrade to FortiOS version 7.0.6 and above,\nPlease upgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. 
When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nPlease upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nPlease upgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nSSLVPN interface\nPlease upgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter interface (port 8008)\nPlease upgrade to FortiProxy version 7.4.0 or above\n\nPlease upgrade to FortiRecorder version 7.0.0 or above \nPlease upgrade to FortiRecorder version 6.4.3 or above \nPlease upgrade to FortiRecorder version 6.0.11 or above \nPlease upgrade to FortiNDR version 7.4.0 or above\n\nFortiNDR\nPlease upgrade to FortiNDR version 7.2.1 or above\nPlease upgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n set https-redirect-host \"Administrative host for HTTP and HTTPs. 
When set, will be used in lieu of the client's Host header for any redirection\"\nend\n\nFortiADC\nPlease upgrade to FortiADC version 7.1.0 or above\nPlease upgrade to FortiADC version 7.0.2 or above\nPlease upgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\"\n\nFortiDDOS-F\nPlease upgrade to FortiDDoS-F version 6.4.0 or above\nPlease upgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n config system global\n set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client's Host header for any redirection\" \n\nPlease upgrade to FortiSwitch version 7.2.0 or above \nPlease upgrade to FortiSwitch version 7.0.5 or above \nPlease upgrade to FortiSwitch version 6.4.11 or above \nPlease upgrade to FortiVoice version 7.0.2 or above\nPlease upgrade to FortiVoice version 6.4.9 or above\nPlease upgrade to FortiMail version 7.2.0 or above \nPlease upgrade to FortiMail version 7.0.4 or above \nPlease upgrade to FortiWLC version 8.6.7 or above \nPlease upgrade to FortiAuthenticator version 6.4.2 or above \nPlease upgrade to FortiAuthenticator version 6.3.4 or above \nPlease upgrade to FortiDDoS version 5.6.0 or above \nPlease upgrade to FortiDDoS version 5.5.2 or above \nPlease upgrade to FortiSOAR version 7.3.0 or above \nPlease upgrade to FortiTester version 7.3.0 or above \nPlease upgrade to FortiTester version 7.2.2 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-23439", datePublished: "2025-01-22T09:10:28.669Z", dateReserved: "2022-01-19T07:38:03.512Z", dateUpdated: "2025-01-22T14:21:36.714Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-33873
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Fortinet | Fortinet FortiTester | Version: FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:09:22.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-33873", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:12:19.545862Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:29:17.401Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "FUNCTIONAL", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2022-10-18T00:00:00", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-33873", datePublished: "2022-10-10T00:00:00", dateReserved: "2022-06-16T00:00:00", dateUpdated: "2024-10-25T13:29:17.401Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35844
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Fortinet | Fortinet FortiTester | Version: FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-247", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35844", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:12:18.232499Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:28:53.141Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "FUNCTIONAL", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { 
dateUpdated: "2022-10-18T00:00:00", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { url: "https://fortiguard.com/psirt/FG-IR-22-247", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-35844", datePublished: "2022-10-10T00:00:00", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2024-10-25T13:28:53.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-33874
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiTester | FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:09:22.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-33874", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:19:12.841801Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:29:05.669Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitCodeMaturity: "FUNCTIONAL", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 9.6, temporalSeverity: "CRITICAL", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2022-10-18T00:00:00", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-33874", datePublished: "2022-10-10T00:00:00", dateReserved: "2022-06-16T00:00:00", dateUpdated: "2024-10-25T13:29:05.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35846
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiTester | FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.145Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-244", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35846", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:12:16.897068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:27:31.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "PROOF_OF_CONCEPT", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 7.7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper access control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-18T00:00:00", orgId: 
"6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { url: "https://fortiguard.com/psirt/FG-IR-22-244", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-35846", datePublished: "2022-10-10T00:00:00", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2024-10-25T13:27:31.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-33872
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiTester | FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:09:22.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-33872", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:19:14.182918Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:29:27.553Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitCodeMaturity: "FUNCTIONAL", integrityImpact: "HIGH", privilegesRequired: "NONE", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 9.6, temporalSeverity: "CRITICAL", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2022-10-18T00:00:00", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { url: "https://fortiguard.com/psirt/FG-IR-22-237", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-33872", datePublished: "2022-10-10T00:00:00", dateReserved: "2022-06-16T00:00:00", dateUpdated: "2024-10-25T13:29:27.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35845
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiTester | 7.1.0; 7.0.0; 4.2.0; 4.1.0 ≤ 4.1.1; 4.0.0; 3.9.0 ≤ 3.9.1; 3.8.0; 3.7.0 ≤ 3.7.1; 3.6.0; 3.5.0 ≤ 3.5.1; 3.4.0; 3.3.0 ≤ 3.3.1; 3.2.0; 3.1.0; 3.0.0; 2.9.0; 2.8.0; 2.7.0; 2.6.0; 2.5.0; 2.4.0 ≤ 2.4.1; 2.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-274", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-274", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-35845", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:12:04.902426Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T14:51:17.532Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "7.1.0", }, { status: "affected", version: "7.0.0", }, { status: "affected", version: "4.2.0", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.1", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, { status: "affected", version: "3.2.0", }, { status: "affected", version: "3.1.0", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "2.9.0", }, { status: "affected", version: "2.8.0", }, { status: "affected", version: "2.7.0", }, { status: "affected", version: "2.6.0", }, { status: "affected", version: "2.5.0", }, { 
lessThanOrEqual: "2.4.1", status: "affected", version: "2.4.0", versionType: "semver", }, { status: "affected", version: "2.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-03T16:57:58.754Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-274", url: "https://fortiguard.com/psirt/FG-IR-22-274", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiTester version 7.2.0 or above Please upgrade to FortiTester version 7.1.1 or above Please upgrade to FortiTester version 4.2.1 or above Please upgrade to FortiTester version 3.9.2 or above ", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-35845", datePublished: "2023-01-03T16:57:58.754Z", dateReserved: "2022-07-13T20:38:49.333Z", dateUpdated: "2024-10-23T14:51:17.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36642
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiTester | 7.2.0 ≤ 7.2.3; 7.1.0 ≤ 7.1.1; 7.0.0; 4.2.0 ≤ 4.2.1; 4.1.0 ≤ 4.1.1; 4.0.0; 3.9.0 ≤ 3.9.2; 3.8.0; 3.7.0 ≤ 3.7.1; 3.6.0; 3.5.0 ≤ 3.5.1; 3.4.0; 3.3.0 ≤ 3.3.1; 3.2.0; 3.1.0; 3.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-501", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-501", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fortitester", vendor: "fortinet", versions: [ { lessThanOrEqual: "7.2.3", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-36642", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T17:29:16.163297Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T17:33:50.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", 
}, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, { status: "affected", version: "3.2.0", }, { status: "affected", version: "3.1.0", }, { status: "affected", version: "3.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T12:29:26.198Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-501", url: "https://fortiguard.com/psirt/FG-IR-22-501", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiTester version 7.3.0 or above ", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-36642", datePublished: "2023-09-13T12:29:26.198Z", dateReserved: "2023-06-25T18:03:39.228Z", dateUpdated: "2024-09-25T17:33:50.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38372
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiTester | FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:54:03.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-283", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-38372", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T14:12:11.601695Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T13:21:01.406Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "FUNCTIONAL", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "UNAVAILABLE", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper access control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-02T00:00:00", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { url: 
"https://fortiguard.com/psirt/FG-IR-22-283", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-38372", datePublished: "2022-11-02T00:00:00", dateReserved: "2022-08-16T00:00:00", dateUpdated: "2024-10-25T13:21:01.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12817
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-20-054 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiAnalyzer | FortiAnalyzer before 6.4.1; before 6.2.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:04:22.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-12817", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T20:03:35.252097Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:24:23.911Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiAnalyzer", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiAnalyzer before 6.4.1; before 6.2.5", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.", }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-24T13:31:29", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2020-12817", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiAnalyzer", version: { version_data: [ { version_value: "FortiAnalyzer before 6.4.1; before 6.2.5", }, ], }, }, ], }, vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Execute unauthorized code or commands", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-20-054", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2020-12817", datePublished: "2020-09-24T13:31:29", dateReserved: "2020-05-12T00:00:00", dateUpdated: "2024-10-25T14:24:23.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12815
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://fortiguard.com/advisory/FG-IR-20-054 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Fortinet | Fortinet FortiTester | FortiTester before 3.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:04:22.873Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-12815", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T13:59:08.415847Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T14:00:46.553Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Fortinet FortiTester", vendor: "Fortinet", versions: [ { status: "affected", version: "FortiTester before 3.9.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.", }, ], problemTypes: [ { descriptions: [ { description: "Execute unauthorized code or commands", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-24T13:33:14", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@fortinet.com", ID: "CVE-2020-12815", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Fortinet FortiTester", version: { version_data: [ { version_value: "FortiTester before 3.9.0", }, ], }, }, ], }, vendor_name: "Fortinet", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An improper neutralization 
of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Execute unauthorized code or commands", }, ], }, ], }, references: { reference_data: [ { name: "https://fortiguard.com/advisory/FG-IR-20-054", refsource: "CONFIRM", url: "https://fortiguard.com/advisory/FG-IR-20-054", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2020-12815", datePublished: "2020-09-24T13:33:14", dateReserved: "2020-05-12T00:00:00", dateUpdated: "2024-10-25T14:00:46.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40716
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiTester | 7.2.0 ≤ 7.2.3; 7.1.0 ≤ 7.1.1; 7.0.0; 4.2.0 ≤ 4.2.1; 4.1.0 ≤ 4.1.1; 4.0.0; 3.9.0 ≤ 3.9.2; 3.8.0; 3.7.0 ≤ 3.7.1; 3.6.0; 3.5.0 ≤ 3.5.1; 3.4.0; 3.3.0 ≤ 3.3.1; 3.2.0; 3.1.0; 3.0.0; 2.9.0; 2.8.0; 2.7.0; 2.6.0; 2.5.0; 2.4.0 ≤ 2.4.1; 2.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-345", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-345", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, { status: "affected", version: "3.2.0", }, { status: "affected", version: "3.1.0", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "2.9.0", }, { status: "affected", version: "2.8.0", }, { status: "affected", version: "2.7.0", }, { status: "affected", version: "2.6.0", }, { status: "affected", version: "2.5.0", }, { lessThanOrEqual: "2.4.1", status: "affected", version: "2.4.0", versionType: "semver", }, { status: "affected", version: "2.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper neutralization of special elements used in an OS command 
vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-13T06:44:03.852Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-345", url: "https://fortiguard.com/psirt/FG-IR-22-345", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiTester version 7.3.0 or above \n", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-40716", datePublished: "2023-12-13T06:44:03.852Z", dateReserved: "2023-08-21T09:03:44.315Z", dateUpdated: "2024-08-02T18:38:51.171Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40717
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Fortinet | FortiTester | 7.2.0 ≤ 7.2.3; 7.1.0 ≤ 7.1.1; 7.0.0; 4.2.0 ≤ 4.2.1; 4.1.0 ≤ 4.1.1; 4.0.0; 3.9.0 ≤ 3.9.2; 3.8.0; 3.7.0 ≤ 3.7.1; 3.6.0; 3.5.0 ≤ 3.5.1; 3.4.0; 3.3.0 ≤ 3.3.1; 3.2.0; 3.1.0; 3.0.0; 2.9.0; 2.8.0; 2.7.0; 2.6.0; 2.5.0; 2.4.0 ≤ 2.4.1; 2.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.225Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-245", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-245", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40717", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T19:40:14.020771Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T19:57:16.170Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiTester", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.3", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.1.1", status: "affected", version: "7.1.0", versionType: "semver", }, { status: "affected", version: "7.0.0", }, { lessThanOrEqual: "4.2.1", status: "affected", version: "4.2.0", versionType: "semver", }, { lessThanOrEqual: "4.1.1", status: "affected", version: "4.1.0", versionType: "semver", }, { status: "affected", version: "4.0.0", }, { lessThanOrEqual: "3.9.2", status: "affected", version: "3.9.0", versionType: "semver", }, { status: "affected", version: "3.8.0", }, { lessThanOrEqual: "3.7.1", status: "affected", version: "3.7.0", versionType: "semver", }, { status: "affected", version: "3.6.0", }, { lessThanOrEqual: "3.5.1", status: "affected", version: "3.5.0", versionType: "semver", }, { status: "affected", version: "3.4.0", }, { lessThanOrEqual: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, { status: "affected", version: "3.2.0", }, { status: "affected", version: "3.1.0", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: 
"2.9.0", }, { status: "affected", version: "2.8.0", }, { status: "affected", version: "2.7.0", }, { status: "affected", version: "2.6.0", }, { status: "affected", version: "2.5.0", }, { lessThanOrEqual: "2.4.1", status: "affected", version: "2.4.0", versionType: "semver", }, { status: "affected", version: "2.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "Improper access control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T12:29:45.466Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-245", url: "https://fortiguard.com/psirt/FG-IR-22-245", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiTester version 7.3.0 or above ", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2023-40717", datePublished: "2023-09-13T12:29:45.466Z", dateReserved: "2023-08-21T09:03:44.315Z", dateUpdated: "2024-09-24T19:57:16.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }