History: Nov 02, 2022 - 12:15 p.m.

CVE-2022-38372

2022-11-02 12:15:53
fortinet
web.nvd.nist.gov
cve-2022-38372
fortitester
cli
cwe-1242
security vulnerability
root shell
undocumented command

CVSS3: 6.7

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.3
Confidence: High

EPSS: 0
Percentile: 5.1%

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.

Affected configurations

Nvd
Node
fortinet fortitester Range 2.3.0 - 3.9.1
OR
fortinet fortitester Range 4.0.0 - 4.2.0
OR
fortinet fortitester Match 7.0.0
OR
fortinet fortitester Match 7.1.0

| Vendor | Product | Version | CPE |
|---|---|---|---|
| fortinet | fortitester | * | cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:* |
| fortinet | fortitester | 7.0.0 | cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:* |
| fortinet | fortitester | 7.1.0 | cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet FortiTester",
    "versions": [
      {
        "version": "FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0",
        "status": "affected"
      }
    ]
  }
]
