{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-40677","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-09-14T13:17:43.617Z","datePublished":"2023-02-16T18:06:57.630Z","dateUpdated":"2024-10-23T14:32:34.591Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiNAC","defaultStatus":"unaffected","versions":[{"version":"9.4.0","status":"affected"},{"versionType":"semver","version":"9.2.0","lessThanOrEqual":"9.2.5","status":"affected"},{"versionType":"semver","version":"9.1.0","lessThanOrEqual":"9.1.7","status":"affected"},{"versionType":"semver","version":"8.8.0","lessThanOrEqual":"8.8.11","status":"affected"},{"versionType":"semver","version":"8.7.0","lessThanOrEqual":"8.7.6","status":"affected"},{"versionType":"semver","version":"8.6.0","lessThanOrEqual":"8.6.5","status":"affected"},{"versionType":"semver","version":"8.5.0","lessThanOrEqual":"8.5.4","status":"affected"},{"version":"8.3.7","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-02-16T18:06:57.630Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-88","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above Please upgrade to FortiNAC version 7.2.0 or above "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-280","url":"https://fortiguard.com/psirt/FG-IR-22-280"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:21:46.434Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-280","url":"https://fortiguard.com/psirt/FG-IR-22-280","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:38.204687Z","id":"CVE-2022-40677","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:32:34.591Z"}}]}}