A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-280 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Feb 2023, 18:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://fortiguard.com/psirt/FG-IR-22-280 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Fortinet
Fortinet fortinac |
|
CWE | CWE-88 |
16 Feb 2023, 19:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-16 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40677
Mitre link : CVE-2022-40677
CVE.ORG link : CVE-2022-40677
JSON object : View
Products Affected
fortinet
- fortinac
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')