Home
HIGH: 7.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:CDefault status
unaffected
7.1.0
affected
7.0.0
affected
4.2.0
affected
4.1.0 (semver)
affected
4.0.0
affected
3.9.0 (semver)
affected
3.8.0
affected
3.7.0 (semver)
affected
3.6.0
affected
3.5.0 (semver)
affected
3.4.0
affected
3.3.0 (semver)
affected
3.2.0
affected
3.1.0
affected
3.0.0
affected
2.9.0
affected
2.8.0
affected
2.7.0
affected
2.6.0
affected
2.5.0
affected
2.4.0 (semver)
affected
2.3.0
affected
Description
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.
Problem types
Execute unauthorized code or commands
Product status
7.1.0
7.0.0
4.2.0
4.1.0 (semver)
4.0.0
3.9.0 (semver)
3.8.0
3.7.0 (semver)
3.6.0
3.5.0 (semver)
3.4.0
3.3.0 (semver)
3.2.0
3.1.0
3.0.0
2.9.0
2.8.0
2.7.0
2.6.0
2.5.0
2.4.0 (semver)
2.3.0
References
fortiguard.com/psirt/FG-IR-22-274
fortiguard.com/psirt/FG-IR-22-274