FortiTester - Multiple command injection vulnerabilities in GUI and API
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-274
Final
1
1
2023-01-03T00:00:00
Current version
2023-01-03T00:00:00
2023-01-03T00:00:00
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell.
None
Execute unauthorized code or commands
FortiTester version 7.1.0
FortiTester version 7.0 all versions
FortiTester version 4.0.0 through 4.2.0
FortiTester version 2.3.0 through 3.9.1
Please upgrade to FortiTester version 7.2.0 or above
Please upgrade to FortiTester version 7.1.1 or above
Please upgrade to FortiTester version 4.2.1 or above
Please upgrade to FortiTester version 3.9.2 or above
Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.
FortiTester 7.1.0
FortiTester 7.0.0
FortiTester 4.2.0
FortiTester 4.1.1
FortiTester 4.1.0
FortiTester 4.0.0
FortiTester 3.9.1
FortiTester 3.9.0
FortiTester 3.8.0
FortiTester 3.7.1
FortiTester 3.7.0
FortiTester 3.6.0
FortiTester 3.5.1
FortiTester 3.5.0
FortiTester 3.4.0
FortiTester 3.3.1
FortiTester 3.3.0
FortiTester 3.2.0
FortiTester 3.1.0
FortiTester 3.0.0
FortiTester 2.9.0
FortiTester 2.8.0
FortiTester 2.7.0
FortiTester 2.6.0
FortiTester 2.5.0
FortiTester 2.4.1
FortiTester 2.4.0
FortiTester 2.3.0
CVE-2022-35845
7.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-274