CVE-2022-35845

Name of the Vulnerable Software and Affected Versions FortiTester versions 2.3.0 through 3.9.1 FortiTester versions 4.0.0 through 4.2.0 FortiTester versions 7.0.0 through 7.1.0

Description The issue exists due to the failure to neutralize special elements used in an OS command, allowing an authenticated attacker to execute arbitrary commands in the underlying shell. This is a result of improper neutralization of special elements used in an OS Command, also known as 'OS Command Injection'.

Recommendations For FortiTester versions 2.3.0 through 3.9.1, update to a version that fixes the OS Command Injection vulnerability. For FortiTester versions 4.0.0 through 4.2.0, update to a version that fixes the OS Command Injection vulnerability. For FortiTester versions 7.0.0 through 7.1.0, update to a version that fixes the OS Command Injection vulnerability. As a temporary workaround, consider restricting access to the vulnerable OS Command functionality until a patch is available.