CVE-2022-40677
First published: Thu Feb 16 2023(Updated: )
A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiNAC | >=8.5.0<=8.5.4 | |
| Fortinet FortiNAC | >=8.6.0<=8.6.5 | |
| Fortinet FortiNAC | >=8.7.0<=8.7.6 | |
| Fortinet FortiNAC | >=8.8.0<=8.8.11 | |
| Fortinet FortiNAC | >=9.1.0<=9.1.7 | |
| Fortinet FortiNAC | >=9.2.0<=9.2.5 | |
| Fortinet FortiNAC | =8.3.7 | |
| Fortinet FortiNAC | =9.4.0 |
Remedy
Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above Please upgrade to FortiNAC version 7.2.0 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Fortinet FortiNAC vulnerability?
The vulnerability ID for this Fortinet FortiNAC vulnerability is CVE-2022-40677.
What is the severity of CVE-2022-40677?
The severity of CVE-2022-40677 is high.
Which versions of Fortinet FortiNAC are affected by CVE-2022-40677?
Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, and 9.4.0 are affected by CVE-2022-40677.
What is the description of CVE-2022-40677?
CVE-2022-40677 is an improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiNAC, allowing an attacker to execute unauthorized code.
How do I fix CVE-2022-40677?
To fix CVE-2022-40677, it is recommended to update Fortinet FortiNAC to a version that includes a patch addressing this vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/type
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortinac
- version/fortinet fortinac/8.5.0
- version/fortinet fortinac/8.5.4
- version/fortinet fortinac/8.6.0
- version/fortinet fortinac/8.6.5
- version/fortinet fortinac/8.7.0
- version/fortinet fortinac/8.7.6
- version/fortinet fortinac/8.8.0
- version/fortinet fortinac/8.8.11
- version/fortinet fortinac/9.1.0
- version/fortinet fortinac/9.1.7
- version/fortinet fortinac/9.2.0
- version/fortinet fortinac/9.2.5
- version/fortinet fortinac/8.3.7
- version/fortinet fortinac/9.4.0