CVE-2022-27486

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 22, 2024
CWE ID 78

Summary

CVE-2022-27486 is a critical vulnerability affecting various versions of Fortinet FortiDDoS and FortiDDoS-F. This issue stems from an improper handling of special elements in os commands, which results in os command injection. An attacker who is authenticated to the system can exploit this vulnerability to execute shell code with root privileges by utilizing `execute` CLI commands. This poses a significant risk to affected installations, as an attacker could gain complete control over the system. Fortinet has released patches to address this vulnerability, and it is strongly recommended that users upgrade as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share