Lucene search

FortinetCVE-2022-29061

HistorySep 09, 2022 - 7:15 a.m.

CVE-2022-29061

2022-09-0907:15:07

CWE-78

fortinet

web.nvd.nist.gov

cve-2022-29061

os command injection

cwe-78

fortinet fortisoar

security vulnerability

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.1%

JSON

An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.

Affected configurations

Nvd

Node

fortinetfortisoarRange6.4.1–6.4.4

fortinetfortisoarRange7.0.0–7.0.3

fortinetfortisoarMatch7.2.0

VendorProductVersionCPE
fortinetfortisoar*cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
fortinetfortisoar7.2.0cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortisoar	*	cpe:2.3:a:fortinet:fortisoar::::::::
fortinet	fortisoar	7.2.0	cpe:2.3:a:fortinet:fortisoar:7.2.0:::::::*

CNA Affected

[
  {
    "product": "Fortinet FortiSOAR",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiSOAR 7.2.0, 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-156

Social References

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.1%

JSON

Related for CVE-2022-29061