Overview
- Description
- An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A56D42B-F3B0-419F-8F1B-2826E28436BD",
"versionEndExcluding": "3.9.2",
"versionStartIncluding": "2.3.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE2EA412-DFA8-4EA8-80B1-081B994AFEDC",
"versionEndExcluding": "4.2.1",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B708B54C-64C3-4793-8F81-896CFCA2AFF9",
"versionEndExcluding": "7.1.1",
"versionStartIncluding": "7.0.0"
}
],
"operator": "OR"
}
]
}
]