CVE-2022-33870

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-070 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*

Information

Published : 2022-11-02 12:15

Updated : 2022-11-04 01:42


NVD link : CVE-2022-33870

Mitre link : CVE-2022-33870

Products Affected
No products.
CWE