{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T11:28:40.789","vulnerabilities":[{"cve":{"id":"CVE-2022-35844","sourceIdentifier":"psirt@fortinet.com","published":"2022-10-18T14:15:09.590","lastModified":"2024-11-21T07:11:48.393","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature."},{"lang":"es","value":"Una neutralización inapropiada de los elementos especiales usados en una vulnerabilidad de comandos del Sistema Operativo [CWE-78] en la interfaz de administración de FortiTester versiones 2.3.0 hasta 3.9.1, 4.0.0 hasta 4.2.0, 7.0.0 hasta 7.1.0, puede permitir a un atacante autenticado ejecutar comandos no autorizados por medio de argumentos específicamente diseñados para los comandos de la funcionalidad certificate import"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"3.9.2","matchCriteriaId":"0A56D42B-F3B0-419F-8F1B-2826E28436BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.2.1","matchCriteriaId":"FE2EA412-DFA8-4EA8-80B1-081B994AFEDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitester:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.1.1","matchCriteriaId":"B708B54C-64C3-4793-8F81-896CFCA2AFF9"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-22-247","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-22-247","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}