OS Command Injection Vulnerability in FortiTester Console Login Components

OS Command Injection Vulnerability in FortiTester Console Login Components

CVE-2022-33873 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.

Learn more about our Web Application Penetration Testing UK.