PT-2022-21878 · Fortinet · FortiADC

Published: 2022-12-06 · Updated: 2022-12-08 · CVE-2022-33875

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiADC versions 6.2.4 and below
Fortinet FortiADC versions 7.0.0 through 7.0.2
Fortinet FortiADC version 7.1.0

Description
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Recommendations
For Fortinet FortiADC versions 6.2.4 and below, update to a version above 6.2.4 to mitigate the risk.
For Fortinet FortiADC versions 7.0.0 through 7.0.2, update to a version above 7.0.2 to mitigate the risk.
For Fortinet FortiADC version 7.1.0, update to a version above 7.1.0 to mitigate the risk.
As a temporary workaround until the update is applied, restrict access to the SQL command interface and to the affected HTTP API endpoints to trusted administrators and networks; the vulnerability requires an authenticated account (PR:L), so limiting who can reach these interfaces reduces exposure.

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2022-33875

Affected Products: FortiADC