| IR Number | FG-IR-22-046 |
| Date | Feb 16, 2023 |
| Component | GUI |
| Severity |
High |
| CVSSv3 Score | 7.4 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2022-27482 |
| Affected Products |
FortiADC
:
7.0.1, 7.0.0, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiADC - OS command injection vulnerability in CLI
Summary
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute arbitrary shell code as `root` via CLI commands.
Affected Products
At least
FortiADC version 7.0.0 through 7.0.1
FortiADC version 6.2.0 through 6.2.3
FortiADC 6.1 all versions
FortiADC 6.0 all versions
FortiADC 5.4 all versions
FortiADC 5.3 all versions
FortiADC 5.2 all versions
FortiADC 5.1 all versions
FortiADC 5.0 all versions
Solutions
Please upgrade to FortiADC version 7.0.2 or above,
Please upgrade to FortiADC version 6.2.4 or above.