cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-38372,https://securityvulnerability.io/vulnerability/CVE-2022-38372,Hidden Functionality Vulnerability in FortiTester by Fortinet,"FortiTester, a testing and service validation tool from Fortinet, is susceptible to a local privilege escalation vulnerability. This issue arises from a hidden functionality accessible via undocumented commands within the FortiTester CLI across various versions. A local, privileged user can exploit this flaw to gain unauthorized root shell access on the device, potentially compromising the system's integrity and exposing sensitive information. For more information, refer to Fortinet's official advisory.",Fortinet,Fortinet Fortitester,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-33870,https://securityvulnerability.io/vulnerability/CVE-2022-33870,Command Injection Vulnerability in FortiTester by Fortinet,"An improper neutralization of special elements used in an OS command vulnerability exists in the command line interpreter of FortiTester, allowing an authenticated attacker to execute unauthorized commands. By sending specifically crafted arguments to existing commands, attackers can exploit this vulnerability, potentially leading to system compromise and unauthorized access. It is crucial for Fortinet users to review the affected versions and apply necessary patches to mitigate risks associated with this vulnerability.",Fortinet,Fortinet Fortitester,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-33874,https://securityvulnerability.io/vulnerability/CVE-2022-33874,OS Command Injection Vulnerability in FortiTester by Fortinet,"A vulnerability exists in the SSH login components of FortiTester, affecting various versions, allowing an unauthenticated remote attacker to execute arbitrary commands in the underlying shell due to improper neutralization of special elements. This flaw can be exploited to potentially gain unauthorized access and control over the system.",Fortinet,Fortinet Fortitester,9.8,CRITICAL,0.002520000096410513,false,,false,false,false,,,false,false,,2022-10-18T15:15:00.000Z,0
CVE-2022-35846,https://securityvulnerability.io/vulnerability/CVE-2022-35846,Excessive Authentication Attempts in FortiTester Products by Fortinet,"FortiTester products have a vulnerability that improperly restricts excessive authentication attempts, allowing unauthenticated attackers to execute brute force attacks to guess admin credentials. This flaw affects multiple versions, emphasizing the need for users to limit the access and utilize additional security measures to protect their administrative interfaces.",Fortinet,Fortinet Fortitester,8.1,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2022-10-18T14:15:00.000Z,0
CVE-2022-35844,https://securityvulnerability.io/vulnerability/CVE-2022-35844,Command Injection Vulnerability in FortiTester Management Interface by Fortinet,"An OS command injection vulnerability exists in the management interface of FortiTester, affecting multiple versions from 2.3.0 through 7.1.0. This flaw allows an authenticated attacker to execute unauthorized commands by providing specially crafted arguments to the commands of the certificate import feature. Proper security measures should be implemented to mitigate the risks associated with this vulnerability. For detailed information, refer to Fortinet's advisory.",Fortinet,Fortinet Fortitester,6.7,MEDIUM,0.001180000021122396,false,,false,false,false,,,false,false,,2022-10-18T14:15:00.000Z,0
CVE-2022-33873,https://securityvulnerability.io/vulnerability/CVE-2022-33873,OS Command Injection Vulnerability in FortiTester by Fortinet,"An OS Command Injection vulnerability exists in the Console login component of FortiTester versions 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0. This flaw can be exploited by unauthenticated attackers to execute arbitrary commands within the underlying shell environment. If successfully exploited, this could lead to unauthorized access and control over the system, potentially compromising sensitive data and functionalities.",Fortinet,Fortinet Fortitester,6.8,MEDIUM,0.001879999996162951,false,,false,false,false,,,false,false,,2022-10-10T00:00:00.000Z,0
CVE-2022-33872,https://securityvulnerability.io/vulnerability/CVE-2022-33872,OS Command Injection Vulnerability in FortiTester by Fortinet,"The vulnerability exists in the Telnet login components of FortiTester, where improper handling of special elements permits an unauthenticated remote attacker to inject arbitrary commands into the underlying operating system shell. This significant flaw could lead to unauthorized execution of commands, putting sensitive data and system integrity at risk, necessitating immediate attention and remediation.",Fortinet,Fortinet Fortitester,9.8,CRITICAL,0.002520000096410513,false,,false,false,false,,,false,false,,2022-10-10T00:00:00.000Z,0
CVE-2020-12815,https://securityvulnerability.io/vulnerability/CVE-2020-12815,Improper Input Neutralization in FortiTester by Fortinet,"An input validation vulnerability in FortiTester prior to version 3.9.0 allows remote authenticated attackers to inject malicious HTML scripts through IPv4 and IPv6 address fields, potentially leading to unauthorized actions and data exposure.",Fortinet,Fortinet Fortitester,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-09-24T13:33:14.000Z,0