ID

VAR-202211-0213


CVE

CVE-2022-38372


TITLE

Vulnerability in Fortinet's FortiTester

Trust: 0.8

sources: JVNDB: JVNDB-2022-022809

DESCRIPTION

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. Fortinet's FortiTester contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-38372 // JVNDB: JVNDB-2022-022809 // VULHUB: VHN-434166

AFFECTED PRODUCTS

vendor: fortinet, model: fortitester, scope: eq, version: 7.1.0

Trust: 1.0

vendor: fortinet, model: fortitester, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortitester, scope: gte, version: 2.3.0

Trust: 1.0

vendor: fortinet, model: fortitester, scope: eq, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortitester, scope: lte, version: 3.9.1

Trust: 1.0

vendor: fortinet, model: fortitester, scope: lte, version: 4.2.0

Trust: 1.0

vendor: Fortinet, model: fortitester, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortitester, scope: eq, version: 2.3.0 to 3.9.1

Trust: 0.8

vendor: Fortinet, model: fortitester, scope: eq, version: 7.0.0

Trust: 0.8

vendor: Fortinet, model: fortitester, scope: eq, version: 7.1.0

Trust: 0.8

vendor: Fortinet, model: fortitester, scope: eq, version: 4.0.0 to 4.2.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022809 // NVD: CVE-2022-38372

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38372
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-38372
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-38372
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-1916
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-38372
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-38372
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022809 // CNNVD: CNNVD-202211-1916 // NVD: CVE-2022-38372 // NVD: CVE-2022-38372

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022809 // NVD: CVE-2022-38372

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-1916

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-1916

PATCH

title: FG-IR-22-283, url: https://fortiguard.com/psirt/FG-IR-22-283

Trust: 0.8

title: FortiTester Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213133

Trust: 0.6

sources: JVNDB: JVNDB-2022-022809 // CNNVD: CNNVD-202211-1916

EXTERNAL IDS

db: NVD, id: CVE-2022-38372

Trust: 3.3

db: JVNDB, id: JVNDB-2022-022809

Trust: 0.8

db: CNNVD, id: CNNVD-202211-1916

Trust: 0.6

db: VULHUB, id: VHN-434166

Trust: 0.1

sources: VULHUB: VHN-434166 // JVNDB: JVNDB-2022-022809 // CNNVD: CNNVD-202211-1916 // NVD: CVE-2022-38372

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-283

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-38372

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-38372/

Trust: 0.6

sources: VULHUB: VHN-434166 // JVNDB: JVNDB-2022-022809 // CNNVD: CNNVD-202211-1916 // NVD: CVE-2022-38372

SOURCES

db: VULHUB, id: VHN-434166
db: JVNDB, id: JVNDB-2022-022809
db: CNNVD, id: CNNVD-202211-1916
db: NVD, id: CVE-2022-38372

LAST UPDATE DATE

2024-08-14T15:11:12.988000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-434166, date: 2022-11-04T00:00:00
db: JVNDB, id: JVNDB-2022-022809, date: 2023-11-21T01:15:00
db: CNNVD, id: CNNVD-202211-1916, date: 2022-11-07T00:00:00
db: NVD, id: CVE-2022-38372, date: 2022-11-04T03:26:28.770

SOURCES RELEASE DATE

db: VULHUB, id: VHN-434166, date: 2022-11-02T00:00:00
db: JVNDB, id: JVNDB-2022-022809, date: 2023-11-21T00:00:00
db: CNNVD, id: CNNVD-202211-1916, date: 2022-11-02T00:00:00
db: NVD, id: CVE-2022-38372, date: 2022-11-02T12:15:53.800