A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-049 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-07-18T16:40:20
Updated: 2024-08-03T05:32:57.798Z
Reserved: 2022-03-21T00:00:00
Link: CVE-2022-27483
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-19T14:15:08.500
Modified: 2022-07-27T07:18:54.910
Link: CVE-2022-27483
Redhat
No data.