An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-237 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-10-10T00:00:00
Updated: 2024-08-03T08:09:22.644Z
Reserved: 2022-06-16T00:00:00
Link: CVE-2022-33872
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-10-18T15:15:09.687
Modified: 2022-10-21T13:00:32.270
Link: CVE-2022-33872
Redhat
No data.