CVE-2022-40679

HIGH

FortiADC 5.x-7.1.0, FortiDDoS 4.x-5.6.x, FortiDDoS-F 6.1.0-6.4.0 - OS Command Injection

Title source: llm

Description

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-335

Scores

CVSS v3 7.8

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (4)

fortinet/fortiadc 5.0.0 - 6.2.5

fortinet/fortiddos 4.0.0 - 5.7.0

fortinet/fortiddos-f 6.4.0

fortinet/fortiddos-f 6.1.0 - 6.1.5

Published Apr 11, 2023

Tracked Since Feb 18, 2026