| IR Number | FG-IR-22-274 |
| Date | Jan 3, 2023 |
| Severity |
High |
| CVSSv3 Score | 7.6 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2022-35845 |
| Affected Products |
FortiTester
:
7.1.0, 7.0.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.9.1, 3.9.0, 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.5.0, 3.4.0, 3.3.1, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.1, 2.4.0, 2.3.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiTester - Multiple command injection vulnerabilities in GUI and API
Summary
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell.
Affected Products
FortiTester version 7.1.0
FortiTester version 7.0 all versions
FortiTester version 4.0.0 through 4.2.0
FortiTester version 2.3.0 through 3.9.1
Solutions
Please upgrade to FortiTester version 7.2.0 or abovePlease upgrade to FortiTester version 7.1.1 or above
Please upgrade to FortiTester version 4.2.1 or above
Please upgrade to FortiTester version 3.9.2 or above