Details of VAR-202210-1190

ID

VAR-202210-1190

CVE

CVE-2022-35844

TITLE

fortinet's FortiTester In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-019253

DESCRIPTION

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-35844 // JVNDB: JVNDB-2022-019253 // VULHUB: VHN-432095

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortitester	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	gte	version:	2.3.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	3.9.2	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	7.1.1	Trust: 1.0
vendor:	fortinet	model:	fortitester	scope:	lt	version:	4.2.1	Trust: 1.0
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	4.0.0 that's all 4.2.1	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	7.0.0 that's all 7.1.1	Trust: 0.8
vendor:	フォーティネット	model:	fortitester	scope:	eq	version:	2.3.0 that's all 3.9.2	Trust: 0.8

sources: JVNDB: JVNDB-2022-019253 // NVD: CVE-2022-35844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-35844
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2022-35844
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-35844
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-1206
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-35844
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2022-35844
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-35844
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019253 // CNNVD: CNNVD-202210-1206 // NVD: CVE-2022-35844 // NVD: CVE-2022-35844

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-432095 // JVNDB: JVNDB-2022-019253 // NVD: CVE-2022-35844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1206

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202210-1206

PATCH

title:	FG-IR-22-247	url:	https://fortiguard.com/psirt/FG-IR-22-247	Trust: 0.8
title:	FortiTester Fixes for operating system command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=211496	Trust: 0.6

sources: JVNDB: JVNDB-2022-019253 // CNNVD: CNNVD-202210-1206

EXTERNAL IDS

db:	NVD	id:	CVE-2022-35844	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019253	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-1206	Trust: 0.6
db:	VULHUB	id:	VHN-432095	Trust: 0.1

sources: VULHUB: VHN-432095 // JVNDB: JVNDB-2022-019253 // CNNVD: CNNVD-202210-1206 // NVD: CVE-2022-35844

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-247	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-35844	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-35844/	Trust: 0.6

sources: VULHUB: VHN-432095 // JVNDB: JVNDB-2022-019253 // CNNVD: CNNVD-202210-1206 // NVD: CVE-2022-35844

SOURCES

db:	VULHUB	id:	VHN-432095
db:	JVNDB	id:	JVNDB-2022-019253
db:	CNNVD	id:	CNNVD-202210-1206
db:	NVD	id:	CVE-2022-35844

LAST UPDATE DATE

2024-08-14T14:24:29.129000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-432095	date:	2022-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-019253	date:	2023-10-25T02:45:00
db:	CNNVD	id:	CNNVD-202210-1206	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-35844	date:	2022-10-20T18:50:42.873

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-432095	date:	2022-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-019253	date:	2023-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202210-1206	date:	2022-10-18T00:00:00
db:	NVD	id:	CVE-2022-35844	date:	2022-10-18T14:15:09.590