Fortinet fixed multiple command injection bugs in FortiADC and FortiTester

Fortinet addressed multiple vulnerabilities impacting its products and warned of a high-severity command injection flaw in FortiADC.

Cybersecurity vendor Fortinet addressed several vulnerabilities impacting its products. The compaby also warned customers of a high-severity command injection flaw, tracked as CVE-2022-39947 (CVSS score of 8.6), affecting the Application Delivery Controller FortiADC.

The CVE-2022-39947 flaw is an improper neutralization of special elements used in an OS Command vulnerability in FortiADC, it can potentially lead to arbitrary code execution via specifically crafted HTTP requests.

“An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.” reads the advisory published by the vendor.

Below is the list of affected versions:

FortiADC version 7.0.0 through 7.0.2
FortiADC version 6.2.0 through 6.2.3
FortiADC version 6.1.0 through 6.1.6
FortiADC version 6.0.0 through 6.0.4
FortiADC version 5.4.0 through 5.4.5

The flaw was discovered internally and reported by Gwendal Guégniaud of Fortinet Product Security. Team.

The vendor also addressed several high-severity command injection vulnerabilities in FortiTester, tracked as CVE-2022-35845 (CVSS score of 7.6) that may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

“Multiple improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in FortiTester may allow an authenticated attacker to execute arbitrary commands in the underlying shell.” reads the advisory.

Affected products are:

FortiTester version 7.1.0
FortiTester version 7.0 all versions
FortiTester version 4.0.0 through 4.2.0
FortiTester version 2.3.0 through 3.9.1

The flaws were internally discovered and reported by Wilfried Djettchou of the Fortinet Product Security team.

The vendor did not warn of active exploitation of the above vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, command injection)

[adrotate banner=”5″]

[adrotate banner=”13″]