A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-047 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Jun 2026, 04:37
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.6 |
22 Aug 2024, 14:29
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiddos:5.7.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiddos:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| First Time |
Fortinet fortiddos
Fortinet fortiddos-f Fortinet |
|
| Summary |
|
|
| References | () https://fortiguard.com/psirt/FG-IR-22-047 - Vendor Advisory |
13 Aug 2024, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-08-13 16:15
Updated : 2026-06-17 04:37
NVD link : CVE-2022-27486
Mitre link : CVE-2022-27486
CVE.ORG link : CVE-2022-27486
JSON object : View
Products Affected
fortinet
- fortiddos
- fortiddos-f
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')