A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-061 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Jan 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://fortiguard.com/psirt/FG-IR-22-061 - Patch, Vendor Advisory | |
First Time |
Fortinet fortiadc
Fortinet |
|
CWE | CWE-78 |
03 Jan 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-03 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-39947
Mitre link : CVE-2022-39947
CVE.ORG link : CVE-2022-39947
JSON object : View
Products Affected
fortinet
- fortiadc
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')