FortiTester versions prior to 7.1.0 are vulnerable to OS Command Injection [CWE-78] due to improper handling of special characters (/ and \), with the remote execution of arbitrary commands. FortiTester versions 7.1.0 and later are not vulnerable to this issue. FortiTester versions prior to 7.0.0 may be vulnerable to OS Command Injection [CWE-78] due to improper handling of special characters (/ and \), with the remote execution of arbitrary commands. FortiTester versions 7.0.0 and later are not vulnerable to this issue. FortiTester versions prior to 4.2.0 may be vulnerable to OS Command Injection [CWE-78] due to improper handling of special characters (/ and \), with the remote execution of arbitrary commands. FortiTester versions 4.2.0 and later are not vulnerable to this issue. FortiTester versions prior to 7.1.0 are vulnerable to OS Command Injection [CWE-78] due to improper handling of special characters (/ and \), with the remote execution of arbitrary commands. FortiTester versions 7.1.0 and later are not vulnerable to this issue. FortiTester versions prior to 7.0.0 are vulnerable to OS Command Injection [CWE-78] due to improper handling of special characters (/ and \). FortiTester versions 7.0.0
References
[1] Fortinet FortiTester Versions Prior to 7.1.0 Are Vulnerable to OS Command Injection [CWE-78]
[2] New OS Command Injection Vulnerability in FortiTester (CVE-2022-33872)
Issues in CVE-2022 -33872
The issue in CVE-2022-33872 is a vulnerability discovered by Tenable Network Security. This vulnerability is being exploited in the wild targeting FortiTester versions prior to 7.1.0. This CVE has been assigned the identifier CVE-2022-33872, and will be publicly disclosed when any of the following criteria are met:
A patch that resolves this vulnerability is released
A workaround to mitigate this security risk is available
Timeline
Published on: 10/18/2022 15:15:00 UTC
Last modified on: 10/21/2022 13:00:00 UTC