CVE-2022-27486

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-22-047	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortinet:fortiddos::::::::
	cpe:2.3:a:fortinet:fortiddos:5.7.0:::::::*
	cpe:2.3:a:fortinet:fortiddos-f::::::::
	cpe:2.3:a:fortinet:fortiddos-f::::::::
	cpe:2.3:a:fortinet:fortiddos-f:6.5.0:::::::*

History

22 Aug 2024, 14:29

Type	Values Removed	Values Added
References	~~() https://fortiguard.com/psirt/FG-IR-22-047 -~~	() https://fortiguard.com/psirt/FG-IR-22-047 - Vendor Advisory
First Time		Fortinet Fortinet fortiddos-f Fortinet fortiddos
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:fortinet:fortiddos:5.7.0:::::::* cpe:2.3:a:fortinet:fortiddos-f:::::::: cpe:2.3:a:fortinet:fortiddos-f:6.5.0:::::::* cpe:2.3:a:fortinet:fortiddos::::::::

13 Aug 2024, 17:11

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 16:15

Updated : 2024-08-22 14:29

NVD link : CVE-2022-27486

Mitre link : CVE-2022-27486

CVE.ORG link : CVE-2022-27486

JSON object : View

Products Affected

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-27486", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2024-08-13T16:15:07.693", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-047", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root`\u00a0via `execute` CLI commands."}, {"lang": "es", "value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Fortinet FortiDDoS versi\u00f3n 5.5.0 a 5.5.1, 5.4.2 a 5.4.0, 5.3.0 a 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 y 4.5.0 y FortiDDoS-F versi\u00f3n 6.3.0 a 6.3.1, 6.2.0 a 6.2.2, 6.1.0 a 6.1.4 permite una autenticaci\u00f3n atacante ejecutar c\u00f3digo de shell como \"root\" mediante comandos CLI \"ejecutar\"."}], "lastModified": "2024-08-22T14:29:44.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31921E5A-497A-4BD6-9BE8-2307272F3FEC", "versionEndExcluding": "5.6.2", "versionStartIncluding": "4.5.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos:5.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "258903F9-C0F0-40CD-8895-43FF00C71709"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "561DFFB8-E39C-40D1-A7E7-255BDD6F9F73"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "777DD368-CD36-4842-BA0F-C7C64E7D2A78", "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB1731B-7799-408B-8F8C-F5ABFEA7A180"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}