HIGH🇵🇱 Wersja polska

CVE-2022-22301

CVSS 7.8v3.1pub. 2022-03-02upd. 2024-11-21

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortiap C

    APP
    Fortinet
    5.2.05.2.15.4.05.4.15.4.25.4.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-25608MEDIUM5.5ten sam produkt

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command li...

CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)

CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor

SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML