From d2dae74ac372120daea7159442f5409936516e30 Mon Sep 17 00:00:00 2001
From: Fortinet PSIRT Team
Date: Wed, 2 Nov 2022 10:16:30 +0100
Subject: [PATCH] Commit CVE-2022-33870
---
2022/33xxx/CVE-2022-33870.json | 78 ++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 2022/33xxx/CVE-2022-33870.json
diff --git a/2022/33xxx/CVE-2022-33870.json b/2022/33xxx/CVE-2022-33870.json
new file mode 100644
index 00000000000..17ce02ed9a2
--- /dev/null
+++ b/2022/33xxx/CVE-2022-33870.json
@@ -0,0 +1,78 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-33870",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiTester",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Local",
+ "availabilityImpact": "High",
+ "baseScore": 7.4,
+ "baseSeverity": "High",
+ "confidentialityImpact": "High",
+ "integrityImpact": "High",
+ "privilegesRequired": "Low",
+ "scope": "Unchanged",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/psirt/FG-IR-22-070",
+ "url": "https://fortiguard.com/psirt/FG-IR-22-070"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands."
+ }
+ ]
+ }
+}
\ No newline at end of file
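Review bot: The `"baseScore": 7.4` in the `impact.cvss` object does not match the base metrics in the same object. Under CVSS 3.1, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H works out to a base score of 7.8, and 7.4 is what results after the temporal metrics `E:P/RL:U/RC:C` in `vectorString` are applied. Anyone triaging or filtering on `baseScore` will read a temporal value as the base, so the field should be `"baseScore": 7.8,`, with the temporal score carried separately if it is wanted. Separately, the `problemtype` entry holds an impact phrase rather than the weakness class, although the description already names CWE-78. Putting the CWE identifier in `problemtype_data` would let tooling classify the record without parsing free text.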