{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-27489","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-03-21T16:03:48.575Z","datePublished":"2023-02-16T18:06:40.150Z","dateUpdated":"2024-10-23T14:46:25.263Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiExtender","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.3","status":"affected"},{"version":"5.3.2","status":"affected"},{"versionType":"semver","version":"4.2.0","lessThanOrEqual":"4.2.4","status":"affected"},{"versionType":"semver","version":"4.1.1","lessThanOrEqual":"4.1.8","status":"affected"},{"versionType":"semver","version":"4.0.0","lessThanOrEqual":"4.0.2","status":"affected"},{"versionType":"semver","version":"3.3.0","lessThanOrEqual":"3.3.2","status":"affected"},{"versionType":"semver","version":"3.2.1","lessThanOrEqual":"3.2.3","status":"affected"},{"versionType":"semver","version":"3.1.0","lessThanOrEqual":"3.1.2","status":"affected"},{"versionType":"semver","version":"3.0.0","lessThanOrEqual":"3.0.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-02-16T18:06:40.150Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiExtender version 7.2.0 and above\r\nUpgrade to FortiExtender version 7.0.4 and above\r\nUpgrade to FortiExtender upcoming version 4.2.5 and above\r\nUpgrade to FortiExtender upcoming version 4.1.9 and above\r\nUpgrade to FortiExtender upcoming version 4.0.3 and above\r\nUpgrade to FortiExtender version 3.3.3 and above\r\nUpgrade to FortiExtender version 3.2.4 and above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-048","url":"https://fortiguard.com/psirt/FG-IR-22-048"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T05:32:57.924Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-048","url":"https://fortiguard.com/psirt/FG-IR-22-048","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:42.419938Z","id":"CVE-2022-27489","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:46:25.263Z"}}]}}