CVE-2022-27486
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-27486 is a critical vulnerability affecting various versions of Fortinet FortiDDoS and FortiDDoS-F. This issue stems from an improper handling of special elements in os commands, which results in os command injection. An attacker who is authenticated to the system can exploit this vulnerability to execute shell code with root privileges by utilizing `execute` CLI commands. This poses a significant risk to affected installations, as an attacker could gain complete control over the system. Fortinet has released patches to address this vulnerability, and it is strongly recommended that users upgrade as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Fortinet