Command injection vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-157 Final 1 1 2023-02-16T00:00:00 Current version 2023-02-16T00:00:00 2023-02-16T00:00:00 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. None Execute unauthorized code or commands Fortinet is pleased to thank ZiTong Wang from DBappSecurity Co. Ltd. Hatlab for reporting this vulnerability under responsible disclosure. FortiWAN 4.5.9 FortiWAN 4.5.8 FortiWAN 4.5.7 FortiWAN 4.5.6 FortiWAN 4.5.5 FortiWAN 4.5.4 FortiWAN 4.5.3 FortiWAN 4.5.2 FortiWAN 4.5.1 FortiWAN 4.5.0 FortiWAN 4.4.1 FortiWAN 4.4.0 FortiWAN 4.3.1 FortiWAN 4.3.0 FortiWAN 4.2.7 FortiWAN 4.2.6 FortiWAN 4.2.5 FortiWAN 4.2.2 FortiWAN 4.2.1 FortiWAN 4.1.3 FortiWAN 4.1.2 FortiWAN 4.1.1 FortiWAN 4.0.6 FortiWAN 4.0.5 FortiWAN 4.0.4 FortiWAN 4.0.3 FortiWAN 4.0.2 FortiWAN 4.0.1 FortiWAN 4.0.0 CVE-2022-33869 FortiWAN-4.5.9 FortiWAN-4.5.8 FortiWAN-4.5.7 FortiWAN-4.5.6 FortiWAN-4.5.5 FortiWAN-4.5.4 FortiWAN-4.5.3 FortiWAN-4.5.2 FortiWAN-4.5.1 FortiWAN-4.5.0 FortiWAN-4.4.1 FortiWAN-4.4.0 FortiWAN-4.3.1 FortiWAN-4.3.0 FortiWAN-4.2.7 FortiWAN-4.2.6 FortiWAN-4.2.5 FortiWAN-4.2.2 FortiWAN-4.2.1 FortiWAN-4.1.3 FortiWAN-4.1.2 FortiWAN-4.1.1 FortiWAN-4.0.6 FortiWAN-4.0.5 FortiWAN-4.0.4 FortiWAN-4.0.3 FortiWAN-4.0.2 FortiWAN-4.0.1 FortiWAN-4.0.0 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-22-157 Command injection vulnerability Reference>