A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-280 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2023-02-16T18:06:57.630Z
Updated: 2023-02-16T18:06:57.630Z
Reserved: 2022-09-14T13:17:43.617Z
Link: CVE-2022-40677
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-16T19:15:13.250
Modified: 2023-11-07T03:52:34.873
Link: CVE-2022-40677
JSON object: View
Redhat Information
No data.
CWE