First published: Tue Oct 10 2023
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, and FortiIsolator version 2.3.0 through 2.3.4 allows an attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiIsolator | >=2.3.0<=2.3.4 | |
Fortinet FortiIsolator | =1.0.0 | |
Fortinet FortiIsolator | =1.1.0 | |
Fortinet FortiIsolator | =1.2.0 | |
Fortinet FortiIsolator | =1.2.1 | |
Fortinet FortiIsolator | =1.2.2 | |
Fortinet FortiIsolator | =2.0.0 | |
Fortinet FortiIsolator | =2.0.1 | |
Fortinet FortiIsolator | =2.1.0 | |
Fortinet FortiIsolator | =2.1.1 | |
Fortinet FortiIsolator | =2.1.2 | |
Fortinet FortiIsolator | =2.2.0 | |

Upgrade to FortiIsolator version 2.4.0 or above.
CVE-2022-22298 is an improper neutralization of special elements used in an OS command (OS command injection) vulnerability in Fortinet FortiIsolator.
Versions 1.0.0 through 1.2.2 and versions 2.0.0 through 2.1.2 of Fortinet FortiIsolator are affected.
CVE-2022-22298 has a severity rating of 7.8 (High).
CVE-2022-22298 allows for improper neutralization of special elements in an OS command, which could lead to OS command injection in Fortinet FortiIsolator.
To mitigate the CVE-2022-22298 vulnerability, it is recommended to update Fortinet FortiIsolator to version 2.2.0 or a later version.