Vulnerability Details CVE-2022-40679
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.8%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2022-40679
-
cpe:2.3:a:fortinet:fortiadc:5.0.0
-
cpe:2.3:a:fortinet:fortiadc:5.0.1
-
cpe:2.3:a:fortinet:fortiadc:5.0.2
-
cpe:2.3:a:fortinet:fortiadc:5.0.3
-
cpe:2.3:a:fortinet:fortiadc:5.0.4
-
cpe:2.3:a:fortinet:fortiadc:5.1.0
-
cpe:2.3:a:fortinet:fortiadc:5.1.1
-
cpe:2.3:a:fortinet:fortiadc:5.1.2
-
cpe:2.3:a:fortinet:fortiadc:5.1.3
-
cpe:2.3:a:fortinet:fortiadc:5.1.4
-
cpe:2.3:a:fortinet:fortiadc:5.1.5
-
cpe:2.3:a:fortinet:fortiadc:5.1.6
-
cpe:2.3:a:fortinet:fortiadc:5.1.7
-
cpe:2.3:a:fortinet:fortiadc:5.2.0
-
cpe:2.3:a:fortinet:fortiadc:5.2.1
-
cpe:2.3:a:fortinet:fortiadc:5.2.2
-
cpe:2.3:a:fortinet:fortiadc:5.2.3
-
cpe:2.3:a:fortinet:fortiadc:5.2.4
-
cpe:2.3:a:fortinet:fortiadc:5.2.5
-
cpe:2.3:a:fortinet:fortiadc:5.2.6
-
cpe:2.3:a:fortinet:fortiadc:5.2.7
-
cpe:2.3:a:fortinet:fortiadc:5.2.8
-
cpe:2.3:a:fortinet:fortiadc:5.3.0
-
cpe:2.3:a:fortinet:fortiadc:5.3.1
-
cpe:2.3:a:fortinet:fortiadc:5.3.2
-
cpe:2.3:a:fortinet:fortiadc:5.3.3
-
cpe:2.3:a:fortinet:fortiadc:5.3.4
-
cpe:2.3:a:fortinet:fortiadc:5.3.5
-
cpe:2.3:a:fortinet:fortiadc:5.3.6
-
cpe:2.3:a:fortinet:fortiadc:5.3.7
-
cpe:2.3:a:fortinet:fortiadc:5.4.0
-
cpe:2.3:a:fortinet:fortiadc:5.4.1
-
cpe:2.3:a:fortinet:fortiadc:5.4.2
-
cpe:2.3:a:fortinet:fortiadc:5.4.3
-
cpe:2.3:a:fortinet:fortiadc:5.4.4
-
cpe:2.3:a:fortinet:fortiadc:5.4.5
-
cpe:2.3:a:fortinet:fortiadc:6.0.0
-
cpe:2.3:a:fortinet:fortiadc:6.0.1
-
cpe:2.3:a:fortinet:fortiadc:6.0.2
-
cpe:2.3:a:fortinet:fortiadc:6.0.3
-
cpe:2.3:a:fortinet:fortiadc:6.0.4
-
cpe:2.3:a:fortinet:fortiadc:6.1.0
-
cpe:2.3:a:fortinet:fortiadc:6.1.1
-
cpe:2.3:a:fortinet:fortiadc:6.1.2
-
cpe:2.3:a:fortinet:fortiadc:6.1.3
-
cpe:2.3:a:fortinet:fortiadc:6.1.4
-
cpe:2.3:a:fortinet:fortiadc:6.1.5
-
cpe:2.3:a:fortinet:fortiadc:6.1.6
-
cpe:2.3:a:fortinet:fortiadc:6.2.0
-
cpe:2.3:a:fortinet:fortiadc:6.2.1
-
cpe:2.3:a:fortinet:fortiadc:6.2.2
-
cpe:2.3:a:fortinet:fortiadc:6.2.3
-
cpe:2.3:a:fortinet:fortiadc:6.2.4
-
cpe:2.3:a:fortinet:fortiddos-f:6.1.0
-
cpe:2.3:a:fortinet:fortiddos-f:6.1.4
-
cpe:2.3:a:fortinet:fortiddos-f:6.2.0
-
cpe:2.3:a:fortinet:fortiddos-f:6.3.0
-
cpe:2.3:a:fortinet:fortiddos-f:6.4.0
-
cpe:2.3:a:fortinet:fortiddos:4.0.0
-
cpe:2.3:a:fortinet:fortiddos:4.5.0
-
cpe:2.3:a:fortinet:fortiddos:5.1.0
-
cpe:2.3:a:fortinet:fortiddos:5.2.0
-
cpe:2.3:a:fortinet:fortiddos:5.3.0
-
cpe:2.3:a:fortinet:fortiddos:5.3.1
-
cpe:2.3:a:fortinet:fortiddos:5.4.0
-
cpe:2.3:a:fortinet:fortiddos:5.4.1
-
cpe:2.3:a:fortinet:fortiddos:5.4.2
-
cpe:2.3:a:fortinet:fortiddos:5.5.0
-
cpe:2.3:a:fortinet:fortiddos:5.5.1
-
cpe:2.3:a:fortinet:fortiddos:5.6.0
-
cpe:2.3:a:fortinet:fortiddos:5.6.1
-
cpe:2.3:a:fortinet:fortiddos:5.6.2