CVE-2022-30303

Name of the Vulnerable Software and Affected Versions FortiWeb versions 6.3.0 through 6.3.19 FortiWeb versions 6.4 FortiWeb versions 7.0.0 through 7.0.1

Description The issue is related to an improper neutralization of special elements used in an os command, which may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests. This could potentially be exploited by sending specially formed HTTP requests.

Recommendations For FortiWeb versions 6.3.0 through 6.3.19, update to a version outside of this range to mitigate the risk. For FortiWeb versions 6.4, update to a version outside of this range to mitigate the risk. For FortiWeb versions 7.0.0 through 7.0.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable HTTP request handling mechanism until a patch is available.