ID

VAR-202211-0092


CVE

CVE-2022-33870


TITLE

OS command injection vulnerability in Fortinet's FortiTester

Trust: 0.8

sources: JVNDB: JVNDB-2022-022817

DESCRIPTION

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. An OS command injection vulnerability exists in Fortinet's FortiTester. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-33870 // JVNDB: JVNDB-2022-022817 // VULHUB: VHN-426021

AFFECTED PRODUCTS

vendor:fortinetmodel:fortitesterscope:eqversion:3.9.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.5.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.4.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.6.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.8.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.0.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.0.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.1.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.2.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.9.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.7.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.1.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:7.1.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.1.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.5.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.3.1

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:4.2.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.3.0

Trust: 1.0

vendor:fortinetmodel:fortitesterscope:eqversion:3.7.0

Trust: 1.0

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.5.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.3.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:7.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.7.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.3.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.9.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.4.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.8.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.7.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.9.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.2.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.6.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.1.1

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:4.2.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:7.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortitesterscope:eqversion:3.5.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-022817 // NVD: CVE-2022-33870

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-33870
value: HIGH

Trust: 1.8

psirt@fortinet.com: CVE-2022-33870
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202211-1920
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-33870
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022817 // NVD: CVE-2022-33870 // NVD: CVE-2022-33870 // CNNVD: CNNVD-202211-1920

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-426021 // JVNDB: JVNDB-2022-022817 // NVD: CVE-2022-33870

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-1920

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202211-1920

CONFIGURATIONS

sources: NVD: CVE-2022-33870

PATCH

title:FG-IR-22-070url:https://fortiguard.com/psirt/fg-ir-22-070

Trust: 0.8

title:FortiTester Fixes for operating system command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213134

Trust: 0.6

sources: JVNDB: JVNDB-2022-022817 // CNNVD: CNNVD-202211-1920

EXTERNAL IDS

db:NVDid:CVE-2022-33870

Trust: 3.3

db:JVNDBid:JVNDB-2022-022817

Trust: 0.8

db:CNNVDid:CNNVD-202211-1920

Trust: 0.6

db:VULHUBid:VHN-426021

Trust: 0.1

sources: VULHUB: VHN-426021 // JVNDB: JVNDB-2022-022817 // NVD: CVE-2022-33870 // CNNVD: CNNVD-202211-1920

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-070

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-33870

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33870/

Trust: 0.6

sources: VULHUB: VHN-426021 // JVNDB: JVNDB-2022-022817 // NVD: CVE-2022-33870 // CNNVD: CNNVD-202211-1920

SOURCES

db:VULHUBid:VHN-426021
db:JVNDBid:JVNDB-2022-022817
db:NVDid:CVE-2022-33870
db:CNNVDid:CNNVD-202211-1920

LAST UPDATE DATE

2023-12-18T13:55:12.288000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-426021date:2022-11-04T00:00:00
db:JVNDBid:JVNDB-2022-022817date:2023-11-21T01:44:00
db:NVDid:CVE-2022-33870date:2022-11-04T13:42:49.823
db:CNNVDid:CNNVD-202211-1920date:2022-11-07T00:00:00

SOURCES RELEASE DATE

db:VULHUBid:VHN-426021date:2022-11-02T00:00:00
db:JVNDBid:JVNDB-2022-022817date:2023-11-21T00:00:00
db:NVDid:CVE-2022-33870date:2022-11-02T12:15:53.053
db:CNNVDid:CNNVD-202211-1920date:2022-11-02T00:00:00