CVE-2022-40677 HIGH

CVE-2022-40677

Vendor Fortinet

Product FortiNAC

Weakness CWE-88

Published February 16, 2023

Last update October 23, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

What the vulnerability does

01Description

A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.

Key dates

02Disclosure timeline

February 16, 2023 CVE published

October 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40677 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/88.html

Related vulnerabilities

Identifiers

CVE CVE-2022-40677

CWE CWE-88

CVSS 7.2 / HIGH

Affected versions

Vendor Fortinet

Product FortiNAC

Affected 9.4.0

Vendor Fortinet

Product FortiNAC

Affected ≥ 9.2.0 and ≤ 9.2.5

Vendor Fortinet

Product FortiNAC

Affected ≥ 9.1.0 and ≤ 9.1.7

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.8.0 and ≤ 8.8.11

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.7.0 and ≤ 8.7.6

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.6.0 and ≤ 8.6.5

Vendor Fortinet

Product FortiNAC

Affected ≥ 8.5.0 and ≤ 8.5.4

Vendor Fortinet

Product FortiNAC

Affected 8.3.7

CVE-2022-40677

01Description

02Disclosure timeline

03References

04Related CVE