CVE-2022-35845

moderate-risk
Published 2023-01-03

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

Do I need to act?

~
3.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (7)

Fortitester
Fortitester
Fortitester
Fortitester
Fortitester
Fortitester
Fortitester

Affected Vendors

Fortinet

References (2)

Patch https://fortiguard.com/psirt/FG-IR-22-274
Patch https://fortiguard.com/psirt/FG-IR-22-274
45
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 7/34 · Low
Exposure 14/34 · Moderate