CVE-2022-38372
First published: Wed Nov 02 2022(Updated: )
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortitester | >=2.3.0<=3.9.1 | |
| Fortinet Fortitester | >=4.0.0<=4.2.0 | |
| Fortinet Fortitester | =7.0.0 | |
| Fortinet Fortitester | =7.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38372?
CVE-2022-38372 is a hidden functionality vulnerability in FortiTester CLI versions 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0.
How does CVE-2022-38372 impact the device?
CVE-2022-38372 may allow a local, privileged user to obtain a root shell on the FortiTester device via an undocumented command.
What is the severity of CVE-2022-38372?
CVE-2022-38372 has a severity rating of medium with a CVSS score of 6.7.
Which versions of FortiTester CLI are affected?
FortiTester CLI versions 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0 are affected.
How can I fix CVE-2022-38372?
To fix CVE-2022-38372, it is recommended to update FortiTester CLI to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortitester
- version/fortinet fortitester/2.3.0
- version/fortinet fortitester/3.9.1
- version/fortinet fortitester/4.0.0
- version/fortinet fortitester/4.2.0
- version/fortinet fortitester/7.0.0
- version/fortinet fortitester/7.1.0