ID

VAR-202212-0704


CVE

CVE-2022-33875


TITLE

SQL injection vulnerability in Fortinet FortiADC

Trust: 0.8

sources: JVNDB: JVNDB-2022-023338

DESCRIPTION

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Fortinet's FortiADC contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-33875 // JVNDB: JVNDB-2022-023338 // VULHUB: VHN-426026

AFFECTED PRODUCTS

vendor: fortinet, model: fortiadc, scope: lte, version: 6.2.4

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: eq, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: eq, version: 7.1.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: eq, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: eq, version: 7.0.1

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: gte, version: 5.2.0

Trust: 1.0

vendor: Fortinet, model: fortiadc, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortiadc, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023338 // NVD: CVE-2022-33875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33875
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-33875
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-33875
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-2593
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-33875
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-33875
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-33875
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023338 // CNNVD: CNNVD-202212-2593 // NVD: CVE-2022-33875 // NVD: CVE-2022-33875

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-426026 // JVNDB: JVNDB-2022-023338 // NVD: CVE-2022-33875

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2593

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202212-2593

PATCH

title: FG-IR-22-252, url: https://www.fortiguard.com/psirt/FG-IR-22-252

Trust: 0.8

title: Fortinet FortiADC SQL injection vulnerability repair measures, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=216883

Trust: 0.6

sources: JVNDB: JVNDB-2022-023338 // CNNVD: CNNVD-202212-2593

EXTERNAL IDS

db: NVD, id: CVE-2022-33875

Trust: 3.3

db: JVNDB, id: JVNDB-2022-023338

Trust: 0.8

db: CNNVD, id: CNNVD-202212-2593

Trust: 0.6

db: VULHUB, id: VHN-426026

Trust: 0.1

sources: VULHUB: VHN-426026 // JVNDB: JVNDB-2022-023338 // CNNVD: CNNVD-202212-2593 // NVD: CVE-2022-33875

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-252

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2022-33875

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-33875/

Trust: 0.6

sources: VULHUB: VHN-426026 // JVNDB: JVNDB-2022-023338 // CNNVD: CNNVD-202212-2593 // NVD: CVE-2022-33875

SOURCES

db: VULHUB, id: VHN-426026
db: JVNDB, id: JVNDB-2022-023338
db: CNNVD, id: CNNVD-202212-2593
db: NVD, id: CVE-2022-33875

LAST UPDATE DATE

2024-08-14T14:37:09.253000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-426026, date: 2022-12-08T00:00:00
db: JVNDB, id: JVNDB-2022-023338, date: 2023-11-28T06:35:00
db: CNNVD, id: CNNVD-202212-2593, date: 2022-12-09T00:00:00
db: NVD, id: CVE-2022-33875, date: 2023-11-07T03:48:23.073

SOURCES RELEASE DATE

db: VULHUB, id: VHN-426026, date: 2022-12-06T00:00:00
db: JVNDB, id: JVNDB-2022-023338, date: 2023-11-28T00:00:00
db: CNNVD, id: CNNVD-202212-2593, date: 2022-12-06T00:00:00
db: NVD, id: CVE-2022-33875, date: 2022-12-06T17:15:10.750