Details of VAR-202210-1160

ID

VAR-202210-1160

CVE

CVE-2022-33873

TITLE

fortinet's FortiTester In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-019310

DESCRIPTION

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-33873 // JVNDB: JVNDB-2022-019310 // VULHUB: VHN-426024

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortitester	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	gte	version:	2.3.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	3.9.2	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	7.1.1	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	4.2.1	Trust: 1.0
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	4.0.0 that's all 4.2.1	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	7.0.0 that's all 7.1.1	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	2.3.0 that's all 3.9.2	Trust: 0.8

sources: JVNDB: JVNDB-2022-019310 // NVD: CVE-2022-33873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33873
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2022-33873
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-33873
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202210-1201
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-33873
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2022-33873
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-33873
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019310 // CNNVD: CNNVD-202210-1201 // NVD: CVE-2022-33873 // NVD: CVE-2022-33873

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426024 // JVNDB: JVNDB-2022-019310 // NVD: CVE-2022-33873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1201

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202210-1201

PATCH

title:	FG-IR-22-237	url:	https://www.fortiguard.com/psirt/FG-IR-22-237	Trust: 0.8
title:	FortiTester Fixes for operating system command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=211662	Trust: 0.6

sources: JVNDB: JVNDB-2022-019310 // CNNVD: CNNVD-202210-1201

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33873	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019310	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-1201	Trust: 0.6
db:	VULHUB	id:	VHN-426024	Trust: 0.1

sources: VULHUB: VHN-426024 // JVNDB: JVNDB-2022-019310 // CNNVD: CNNVD-202210-1201 // NVD: CVE-2022-33873

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-237	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33873	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33873/	Trust: 0.6

sources: VULHUB: VHN-426024 // JVNDB: JVNDB-2022-019310 // CNNVD: CNNVD-202210-1201 // NVD: CVE-2022-33873

SOURCES

db:	VULHUB	id:	VHN-426024
db:	JVNDB	id:	JVNDB-2022-019310
db:	CNNVD	id:	CNNVD-202210-1201
db:	NVD	id:	CVE-2022-33873

LAST UPDATE DATE

2024-08-14T15:37:20.573000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426024	date:	2022-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2022-019310	date:	2023-10-25T05:35:00
db:	CNNVD	id:	CNNVD-202210-1201	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2022-33873	date:	2022-10-21T13:00:09.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426024	date:	2022-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-019310	date:	2023-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202210-1201	date:	2022-10-18T00:00:00
db:	NVD	id:	CVE-2022-33873	date:	2022-10-18T15:15:09.743