admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-12 02:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-358xx/CVE-2022-35844.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

115 lines
3.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-35844",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2022-10-18T14:15:09.590",
"lastModified": "2022-10-20T18:50:42.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inapropiada de los elementos especiales usados en una vulnerabilidad de comandos del Sistema Operativo [CWE-78] en la interfaz de administraci\u00f3n de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante autenticado ejecutar comandos no autorizados por medio de argumentos espec\u00edficamente dise\u00f1ados para los comandos de la funcionalidad certificate import"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndExcluding": "3.9.2",
"matchCriteriaId": "0A56D42B-F3B0-419F-8F1B-2826E28436BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.2.1",
"matchCriteriaId": "FE2EA412-DFA8-4EA8-80B1-081B994AFEDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.1.1",
"matchCriteriaId": "B708B54C-64C3-4793-8F81-896CFCA2AFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-247",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink