CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-40716
https://notcve.org/view.php?id=CVE-2023-40716
13 Dec 2023 — An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup . Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en el intérprete de línea de comando de FortiTester 2.3.0 a 7.2.3 puede permitir q... • https://fortiguard.com/psirt/FG-IR-22-345 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40715
https://notcve.org/view.php?id=CVE-2023-40715
13 Sep 2023 — A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device. Una vulnerabilidad de almacenamiento de texto sin cifrar de información sensible [CWE-312] en FortiTester 2.3.0 a 7.2.3 puede permitir que un atacante con acceso al contenido de la base de datos recupere la contraseña de texto plano de servidores externos configurados en el... • https://fortiguard.com/psirt/FG-IR-22-465 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40717
https://notcve.org/view.php?id=CVE-2023-40717
13 Sep 2023 — A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. Un uso de la vulnerabilidad de credenciales codificadas [CWE-798] en FortiTester 2.3.0 a 7.2.3 puede permitir que un atacante que logró obtener un shell en el dispositivo acceda a la base de datos mediante comandos de shell. A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3... • https://fortiguard.com/psirt/FG-IR-22-245 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36642
https://notcve.org/view.php?id=CVE-2023-36642
13 Sep 2023 — An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en la interfaz de administración de FortiTester 3.0.0 a 7.2.3 puede permitir que un atacante autentica... • https://fortiguard.com/psirt/FG-IR-22-501 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35845
https://notcve.org/view.php?id=CVE-2022-35845
03 Jan 2023 — Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. • https://fortiguard.com/psirt/FG-IR-22-274 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-33870
https://notcve.org/view.php?id=CVE-2022-33870
02 Nov 2022 — An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Una neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo [CWE-78] en el intérprete de línea de comando de FortiTester 3.0.... • https://fortiguard.com/psirt/FG-IR-22-070 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38372
https://notcve.org/view.php?id=CVE-2022-38372
02 Nov 2022 — A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. Una vulnerabilidad de funcionalidad oculta [CWE-1242] en FortiTester CLI 2.3.0 a 3.9.1, 4.0.0 a 4.2.0, 7.0.0 a 7.1.0 puede permitir que un usuario local privilegiado obtenga un shell root en el dispositivo a través de un comando indocumentado. • https://fortiguard.com/psirt/FG-IR-22-283 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35846
https://notcve.org/view.php?id=CVE-2022-35846
10 Oct 2022 — An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. Una vulnerabilidad de restricción inapropiada de intentos de autenticación excesivos [CWE-307] en el puerto Telnet de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante no aut... • https://fortiguard.com/psirt/FG-IR-22-244 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33873
https://notcve.org/view.php?id=CVE-2022-33873
10 Oct 2022 — An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell. Unas vulnerabilidades de neutralización inapropiada de los elementos especiales usados en un comando del Sistema Operativo ("Inyección de Comandos del Sistema Operativo") [CWE-78] en los component... • https://fortiguard.com/psirt/FG-IR-22-237 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •