Details of VAR-202212-0704

ID

VAR-202212-0704

CVE

CVE-2022-33875

TITLE

fortinet's FortiADC In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-023338

DESCRIPTION

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. fortinet's FortiADC for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-33875 // JVNDB: JVNDB-2022-023338 // VULHUB: VHN-426026

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiadc	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	gte	version:	5.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiadc	scope:	lte	version:	6.2.4	Trust: 1.0
vendor:	フォーティネット	model:	fortiadc	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiadc	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023338 // NVD: CVE-2022-33875

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-33875
value:	HIGH
Trust: 1.8
psirt@fortinet.com:	CVE-2022-33875
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202212-2593
value:	HIGH
Trust: 0.6

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2022-33875
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023338 // NVD: CVE-2022-33875 // NVD: CVE-2022-33875 // CNNVD: CNNVD-202212-2593

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.1
problemtype:	SQL injection (CWE-89) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426026 // JVNDB: JVNDB-2022-023338 // NVD: CVE-2022-33875

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2593

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202212-2593

CONFIGURATIONS

sources: NVD: CVE-2022-33875

PATCH

title:	FG-IR-22-252	url:	https://www.fortiguard.com/psirt/fg-ir-22-252	Trust: 0.8
title:	Fortinet FortiADC SQL Repair measures for injecting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216883	Trust: 0.6

sources: JVNDB: JVNDB-2022-023338 // CNNVD: CNNVD-202212-2593

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33875	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-023338	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-2593	Trust: 0.6
db:	VULHUB	id:	VHN-426026	Trust: 0.1

sources: VULHUB: VHN-426026 // JVNDB: JVNDB-2022-023338 // NVD: CVE-2022-33875 // CNNVD: CNNVD-202212-2593

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-252	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33875	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33875/	Trust: 0.6

sources: VULHUB: VHN-426026 // JVNDB: JVNDB-2022-023338 // NVD: CVE-2022-33875 // CNNVD: CNNVD-202212-2593

SOURCES

db:	VULHUB	id:	VHN-426026
db:	JVNDB	id:	JVNDB-2022-023338
db:	NVD	id:	CVE-2022-33875
db:	CNNVD	id:	CNNVD-202212-2593

LAST UPDATE DATE

2023-12-18T12:25:44.381000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426026	date:	2022-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-023338	date:	2023-11-28T06:35:00
db:	NVD	id:	CVE-2022-33875	date:	2023-11-07T03:48:23.073
db:	CNNVD	id:	CNNVD-202212-2593	date:	2022-12-09T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426026	date:	2022-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-023338	date:	2023-11-28T00:00:00
db:	NVD	id:	CVE-2022-33875	date:	2022-12-06T17:15:10.750
db:	CNNVD	id:	CNNVD-202212-2593	date:	2022-12-06T00:00:00