Auto-merge PR#7885

2025-08-04 08:44:25 +00:00 · 2022-11-02 08:02:08 -04:00 · 2022-11-02 08:02:08 -04:00 · 90275fa292
commit 90275fa292
parent 6e3d730738 7c32b85688
1 changed files with 63 additions and 3 deletions
--- a/2022/33xxx/CVE-2022-33870.json
+++ b/2022/33xxx/CVE-2022-33870.json
@ -4,14 +4,74 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-33870",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Fortinet FortiTester",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Local",
+            "availabilityImpact": "High",
+            "baseScore": 7.4,
+            "baseSeverity": "High",
+            "confidentialityImpact": "High",
+            "integrityImpact": "High",
+            "privilegesRequired": "Low",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Execute unauthorized code or commands"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/psirt/FG-IR-22-070",
+                "url": "https://fortiguard.com/psirt/FG-IR-22-070"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."
            }
        ]
    }