CVE-2022-38372

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
fortinetCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
fortinetfortitester
2.3.0 ≤
𝑥
≤ 3.9.1
fortinetfortitester
4.0.0 ≤
𝑥
≤ 4.2.0
fortinetfortitester
7.0.0
fortinetfortitester
7.1.0
𝑥
= Vulnerable software versions
References
https://fortiguard.com/psirt/FG-IR-22-283
https://fortiguard.com/psirt/FG-IR-22-283