ID

VAR-202211-0092


CVE

CVE-2022-33870


TITLE

fortinet's  FortiTester  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-022817

DESCRIPTION

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. fortinet's FortiTester for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-33870 // JVNDB: JVNDB-2022-022817 // VULHUB: VHN-426021

AFFECTED PRODUCTS

vendor:fortinetmodel:fortitesterscope:eqversion:3.2.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.6.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.9.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.1.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.7.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.3.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.8.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.5.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.1.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.2.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.4.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.0.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:7.1.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.5.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.0.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.3.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.9.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.7.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.1.0

Trust: 1.0

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.5.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.3.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:7.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.7.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.3.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.9.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.4.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.8.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.7.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.9.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.2.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.6.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.1.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.2.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:7.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.5.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-022817 // NVD: CVE-2022-33870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33870
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-33870
value: HIGH

Trust: 1.0

NVD: CVE-2022-33870
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202211-1920
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-33870
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-33870
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022817 // CNNVD: CNNVD-202211-1920 // NVD: CVE-2022-33870 // NVD: CVE-2022-33870

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-426021 // JVNDB: JVNDB-2022-022817 // NVD: CVE-2022-33870

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-1920

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202211-1920

PATCH

title:FG-IR-22-070url:https://fortiguard.com/psirt/FG-IR-22-070

Trust: 0.8

title:FortiTester Fixes for operating system command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213134

Trust: 0.6

sources: JVNDB: JVNDB-2022-022817 // CNNVD: CNNVD-202211-1920

EXTERNAL IDS

db:NVDid:CVE-2022-33870

Trust: 3.3

db:JVNDBid:JVNDB-2022-022817

Trust: 0.8

db:CNNVDid:CNNVD-202211-1920

Trust: 0.6

db:VULHUBid:VHN-426021

Trust: 0.1

sources: VULHUB: VHN-426021 // JVNDB: JVNDB-2022-022817 // CNNVD: CNNVD-202211-1920 // NVD: CVE-2022-33870

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-070

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-33870

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33870/

Trust: 0.6

sources: VULHUB: VHN-426021 // JVNDB: JVNDB-2022-022817 // CNNVD: CNNVD-202211-1920 // NVD: CVE-2022-33870

SOURCES

db:VULHUBid:VHN-426021
db:JVNDBid:JVNDB-2022-022817
db:CNNVDid:CNNVD-202211-1920
db:NVDid:CVE-2022-33870

LAST UPDATE DATE

2024-08-14T15:37:19.899000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-426021date:2022-11-04T00:00:00
db:JVNDBid:JVNDB-2022-022817date:2023-11-21T01:44:00
db:CNNVDid:CNNVD-202211-1920date:2022-11-07T00:00:00
db:NVDid:CVE-2022-33870date:2022-11-04T13:42:49.823

SOURCES RELEASE DATE

db:VULHUBid:VHN-426021date:2022-11-02T00:00:00
db:JVNDBid:JVNDB-2022-022817date:2023-11-21T00:00:00
db:CNNVDid:CNNVD-202211-1920date:2022-11-02T00:00:00
db:NVDid:CVE-2022-33870date:2022-11-02T12:15:53.053