An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-237 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-10-10T00:00:00
Updated: 2024-08-03T08:09:22.697Z
Reserved: 2022-06-16T00:00:00
Link: CVE-2022-33874
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-10-18T15:15:09.800
Modified: 2022-10-21T12:59:37.607
Link: CVE-2022-33874
Redhat
No data.