FortiSOAR - OS Command Injection in Agent Password Field
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-156
Final
1
1
2022-09-06T00:00:00
Current version
2022-09-06T00:00:00
2022-09-06T00:00:00
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR may allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.
None
Execute unauthorized code or commands
Fortinet is pleased to thank security researchers Ryan Catterall and OJ Reeves of Beyond Binary for discovering and reporting this vulnerability under responsible disclosure.
FortiSOAR 7.2.0
FortiSOAR 7.0.2
FortiSOAR 7.0.1
FortiSOAR 7.0.0
FortiSOAR 6.4.4
FortiSOAR 6.4.3
FortiSOAR 6.4.1
CVE-2022-29061
FortiSOAR-7.2.0
FortiSOAR-7.0.2
FortiSOAR-7.0.1
FortiSOAR-7.0.0
FortiSOAR-6.4.4
FortiSOAR-6.4.3
FortiSOAR-6.4.1
6.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-156