cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-40716,https://securityvulnerability.io/vulnerability/CVE-2023-40716,Improper Neutralization Vulnerability in FortiTester by Fortinet,"An improper neutralization in the command line interpreter of FortiTester enables authenticated attackers to execute unauthorized commands. By crafting specific arguments during operations like restore or backup, an attacker can exploit this vulnerability, potentially gaining control over the affected system.",Fortinet,FortiTester,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2023-40717,https://securityvulnerability.io/vulnerability/CVE-2023-40717,,A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.,Fortinet,Fortitester,5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-09-13T13:15:00.000Z,0
CVE-2023-40715,https://securityvulnerability.io/vulnerability/CVE-2023-40715,,A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.,Fortinet,Fortitester,5.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-09-13T13:15:00.000Z,0
CVE-2023-36642,https://securityvulnerability.io/vulnerability/CVE-2023-36642,OS Command Injection Vulnerability in FortiTester by Fortinet,"The vulnerability in FortiTester affects versions from 3.0.0 through 7.2.3, allowing authenticated attackers to exploit improper neutralization of special elements used in OS commands. By crafting specific arguments to existing commands, attackers can execute unauthorized commands through the management interface, posing a threat to the integrity and security of the system. This highlights the critical need for timely patches and security measures to mitigate risks associated with command injection attacks.",Fortinet,FortiTester,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-09-13T13:15:00.000Z,0
CVE-2022-35845,https://securityvulnerability.io/vulnerability/CVE-2022-35845,OS Command Injection Vulnerability in FortiTester by Fortinet,"Multiple improper neutralization occurrences of special elements used in OS commands have been identified in FortiTester. These flaws could permit an authenticated attacker to execute arbitrary commands in the system's underlying shell, potentially leading to a breach of system integrity. Administrators are encouraged to review affected versions and apply necessary measures to mitigate these risks.",Fortinet,Fortitester,7.6,HIGH,0.0013599999947473407,false,false,false,false,,false,false,2023-01-03T16:57:58.754Z,0
CVE-2022-33870,https://securityvulnerability.io/vulnerability/CVE-2022-33870,,"An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.",Fortinet,Fortinet Fortitester,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-38372,https://securityvulnerability.io/vulnerability/CVE-2022-38372,,"A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command.",Fortinet,Fortinet Fortitester,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-33874,https://securityvulnerability.io/vulnerability/CVE-2022-33874,,"An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.",Fortinet,Fortinet Fortitester,9.8,CRITICAL,0.002520000096410513,false,false,false,false,,false,false,2022-10-18T15:15:00.000Z,0
CVE-2022-35844,https://securityvulnerability.io/vulnerability/CVE-2022-35844,,"An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.",Fortinet,Fortinet Fortitester,6.7,MEDIUM,0.001180000021122396,false,false,false,false,,false,false,2022-10-18T14:15:00.000Z,0
CVE-2022-35846,https://securityvulnerability.io/vulnerability/CVE-2022-35846,,"An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.",Fortinet,Fortinet Fortitester,8.1,HIGH,0.0020099999383091927,false,false,false,false,,false,false,2022-10-18T14:15:00.000Z,0
CVE-2022-33872,https://securityvulnerability.io/vulnerability/CVE-2022-33872,,"An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell.",Fortinet,Fortinet Fortitester,9.8,CRITICAL,0.002520000096410513,false,false,false,false,,false,false,2022-10-10T00:00:00.000Z,0
CVE-2022-33873,https://securityvulnerability.io/vulnerability/CVE-2022-33873,,"An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the underlying shell.",Fortinet,Fortinet Fortitester,6.8,MEDIUM,0.001879999996162951,false,false,false,false,,false,false,2022-10-10T00:00:00.000Z,0
CVE-2020-12815,https://securityvulnerability.io/vulnerability/CVE-2020-12815,,An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.,Fortinet,Fortinet Fortitester,5.4,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2020-09-24T13:33:14.000Z,0