CVE-2022-27482

HIGH

FortiADC 5.x.x-7.0.1 - OS Command Injection via CLI Commands

Title source: llm

Description

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-046

Scores

CVSS v3 7.8

EPSS 0.0060

EPSS Percentile 69.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (3)

fortinet/fortiadc 7.0.0

fortinet/fortiadc 7.0.1

fortinet/fortiadc 5.0.0 - 5.0.4

Published Feb 16, 2023

Tracked Since Feb 18, 2026