CVE-2022-35844
PUBLISHED
CVSS 6.7 MEDIUM
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.
EPSS 0.34% · 57.2th percentile
Risk Scores
CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
EPSS Score
0.34%
57.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinet FortiTester | FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 |
| fortinet | fortitester | 2.3.0, 4.0.0, 7.0.0 |
Exploit Intelligence
Timeline
- Oct 10, 2022 CVE Published
- Oct 11, 2022 EPSS Score
- Nov 24, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Feb 20, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- May 19, 2023 EPSS Score
- Jul 2, 2023 EPSS Score
- Aug 15, 2023 EPSS Score
- Sep 28, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-22-086 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-377 advisory
- https://www.fortiguard.com/psirt/FG-IR-21-242 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-237 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-026 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-244 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-247 advisory
- https://fortiguard.com/psirt/FG-IR-22-247 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-35844 advisory