PT-2022-6076 · Fortinet · FortiTester

Published

2022-10-10

·

Updated

2022-10-20

·

CVE-2022-35844

CVSS v2.0

9.0

High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiTester versions 2.3.0 through 3.9.1
FortiTester versions 4.0.0 through 4.2.0
FortiTester versions 7.0.0 through 7.1.0
Description

The vulnerability exists because FortiTester fails to neutralize special elements in arguments that are passed into an OS command (OS command injection). An authenticated attacker who can reach the FortiTester management interface can execute unauthorized commands by supplying specifically crafted arguments to the commands of the certificate import feature. Because an authenticated session on the management interface is required (CVSS Au:S), the practical exposure depends on who can log in to that interface and from where.
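The following is an added illustration of the weakness class described above, written for this page; it is not FortiTester's code, and nothing in it is taken from the product. It shows the vulnerable pattern (a caller-supplied certificate name spliced into a shell command line) next to a hardened form (an allow-listed argument passed as a discrete argv element with no shell involved). The directory, file names and the sample inputs are constructed for the example.

```python
"""Illustrative OS command injection (CWE-78) in a certificate-import
handler, and a hardened replacement.

Example code for this page only; not FortiTester's implementation.
"""
from __future__ import annotations

import re
import shlex
import subprocess

CERT_DIR = "/var/certs"  # assumed location, not taken from the advisory

# Constructed sample inputs (not taken from the advisory).
BENIGN_NAME = "server-2022.pem"
MALICIOUS_NAME = "x.pem; id > /tmp/pwned"   # shell-metacharacter payload
OPTION_NAME = "-help"                        # argument-injection attempt

_SHELL_SEPARATORS = {";", "&&", "||", "|", "&"}


def build_import_command_vulnerable(cert_name: str) -> str:
    """Vulnerable pattern: the user-supplied name is spliced into a string
    that is later handed to /bin/sh (shell=True, system(), popen())."""
    return f"openssl x509 -in {CERT_DIR}/{cert_name} -noout -subject"


def shell_commands(cmd: str) -> list[list[str]]:
    """Tokenise a line the way a POSIX shell would and split it at command
    separators, to show how many commands the shell would actually run.
    Nothing is executed here."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands: list[list[str]] = []
    current: list[str] = []
    for tok in lexer:
        if tok in _SHELL_SEPARATORS:
            commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


# Allow-list: alphanumeric first character (so the value can never be read
# as an option such as "-help"), then a bounded run of safe characters.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def validate_cert_name(cert_name: str) -> str:
    """Reject anything outside the allow-list, and '..' so the resulting path
    stays inside CERT_DIR."""
    if not _SAFE_NAME.fullmatch(cert_name) or ".." in cert_name:
        raise ValueError(f"rejected certificate name: {cert_name!r}")
    return cert_name


def build_import_argv(cert_name: str) -> list[str]:
    """Hardened form: the validated argument is one argv element, so the
    kernel passes it to openssl verbatim and no shell ever parses it."""
    name = validate_cert_name(cert_name)
    return ["openssl", "x509", "-in", f"{CERT_DIR}/{name}", "-noout", "-subject"]


def import_certificate(cert_name: str) -> subprocess.CompletedProcess:
    """Run the hardened command. shell=False (the default) means /bin/sh is
    not involved at all; metacharacters in the name are inert data."""
    return subprocess.run(
        build_import_argv(cert_name), capture_output=True, text=True, check=False
    )


if __name__ == "__main__":
    for name in (BENIGN_NAME, MALICIOUS_NAME, OPTION_NAME):
        cmd = build_import_command_vulnerable(name)
        print(f"{name!r}: shell would run {len(shell_commands(cmd))} command(s)")
        try:
            print("  hardened argv:", build_import_argv(name))
        except ValueError as exc:
            print("  hardened path:", exc)
```

The two defences are independent and both matter: passing an argv list removes the shell, but a value such as `-help` would still reach openssl as an option, which is why the allow-list also pins the first character. Apply the same rule to every argument the feature forwards to an external command, not only the file name.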
Recommendations

For FortiTester versions 2.3.0 through 3.9.1, update to a release later than 3.9.1.
For FortiTester versions 4.0.0 through 4.2.0, update to a release later than 4.2.0.
For FortiTester versions 7.0.0 through 7.1.0, update to a release later than 7.1.0.

Until the update is applied, restrict access to the certificate import feature and limit which accounts and networks can reach the management interface; exploitation requires an authenticated session on that interface, so reducing who can log in directly reduces exposure.

Weakness Enumeration

OS Command Injection (CWE-78)

Related Identifiers

BDU:2023-00011
CVE-2022-35844

Affected Products

FortiTester