Telnet Login OS Command Injection Vulnerability in FortiTester

Telnet Login OS Command Injection Vulnerability in FortiTester

CVE-2022-33872 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.

Learn more about our Web Application Penetration Testing UK.