Lucene search

K
nvd[email protected]NVD:CVE-2022-40679
HistoryApr 11, 2023 - 5:15 p.m.

CVE-2022-40679

2023-04-1117:15:07
CWE-78
web.nvd.nist.gov
4
cve-2022-40679
os command vulnerability
fortiadc
fortiddos
authenticated attacker
unauthorized commands

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.6%

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Affected configurations

Nvd
Node
fortinetfortiadcRange5.0.06.2.5
OR
fortinetfortiddosRange4.0.05.7.0
OR
fortinetfortiddos-fRange6.1.06.1.5
OR
fortinetfortiddos-fRange6.2.06.2.3
OR
fortinetfortiddos-fRange6.3.06.3.4
OR
fortinetfortiddos-fMatch6.4.0
VendorProductVersionCPE
fortinetfortiadc*cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
fortinetfortiddos*cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*
fortinetfortiddos-f*cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*
fortinetfortiddos-f6.4.0cpe:2.3:a:fortinet:fortiddos-f:6.4.0:*:*:*:*:*:*:*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.6%

Related for NVD:CVE-2022-40679