CVE-2022-43948

HIGH Year: 2022
CVSS v3 Score
7.8
High
Weakness Type
CWE-78
View all →

Vulnerability Description

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.

Related Vulnerabilities

CVE-2013-0517

HIGH
CVSS:7.8(High)

A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute ar...

CWE-782013

CVE-2015-6396

HIGH
CVSS:7.8(High)

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161...

CWE-782015

CVE-2016-10320

HIGH
CVSS:7.8(High)

textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.

CWE-782016

CVE-2016-1339

HIGH
CVSS:7.8(High)

Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux688...

CWE-782016

CVE-2016-4853

HIGH
CVSS:7.8(High)

AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.

CWE-782016

CVE-2016-6065

HIGH
CVSS:7.8(High)

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

CWE-782016