OS command injection in CLI commands Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-233 Final 1 1 2023-10-10T00:00:00 Current version 2023-10-10T00:00:00 2023-10-10T00:00:00 An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator may allow a privileged attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. None Execute unauthorized code or commands FortiIsolator version 1.0.0FortiIsolator version 1.1.0FortiIsolator version 1.2.0 through 1.2.2FortiIsolator version 2.0.0 through 2.0.1FortiIsolator version 2.1.0 through 2.1.2FortiIsolator version 2.2.0FortiIsolator version 2.3.0 through 2.3.4 Upgrade to FortiIsolator version 2.4.0 or above. Internally discovered and reported by Mattia Fecit of Fortinet Product Security team. CVE-2022-22298 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-233 OS command injection in CLI commands Reference>