CVE-2022-35844 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-35844 PUBLISHED CVSS 6.699999809265137 MEDIUM

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.

EPSS 0.34% · 56.7th percentile

Risk Scores

CVSS v3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

EPSS Score

0.34%

56.7th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiTester	FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0
fortinet	fortitester	2.3.0, 4.0.0, 7.0.0

Timeline

Oct 10, 2022 CVE Published
Oct 11, 2022 EPSS Score
Nov 23, 2022 EPSS Score
Jan 6, 2023 EPSS Score
Feb 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 16, 2023 EPSS Score
Jun 29, 2023 EPSS Score
Aug 11, 2023 EPSS Score
Sep 24, 2023 EPSS Score
Nov 6, 2023 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-22-086 advisory
https://www.fortiguard.com/psirt/FG-IR-22-377 advisory
https://www.fortiguard.com/psirt/FG-IR-21-242 advisory
https://www.fortiguard.com/psirt/FG-IR-22-237 advisory
https://www.fortiguard.com/psirt/FG-IR-22-026 advisory
https://www.fortiguard.com/psirt/FG-IR-22-244 advisory
https://www.fortiguard.com/psirt/FG-IR-22-247 advisory
https://fortiguard.com/psirt/FG-IR-22-247 url
https://nvd.nist.gov/vuln/detail/CVE-2022-35844 advisory

Open in Interactive Console →