
CVE-2022-39947: High Severity Flaw in Fortinet FortiADC

CVE-2022-39947 is a new, high-severity security vulnerability in FortiADC, an advanced application and database delivery controller from Fortinet. The vulnerability is a command injection issue in the product’s web interface and has been rated 8.6 out of 10 on the CVSS scale.

FortiADC enhances the scalability, performance, and security of applications hosted either on premises or in the cloud. The CVE-2022-39947 vulnerability may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.

What Products Does CVE-2022-39947 Affect?

Here is the list of affected products and versions, according to Fortinet’s official advisory:

  • FortiADC version 7.0.0 through 7.0.1
  • FortiADC version 6.2.0 through 6.2.3
  • FortiADC version 5.4.0 through 5.4.5
  • FortiADC all versions 6.1
  • FortiADC all versions 6.0
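
A triage sketch for the list above, added here as an example and not taken from Fortinet's advisory or tooling: it classifies appliance version strings against the affected ranges. The hostnames, the sample inventory, and the `major.minor[.patch]` version format are assumptions.

```python
import re

# Affected ranges exactly as listed in the article (inclusive bounds).
AFFECTED = [((7, 0, 0), (7, 0, 1)), ((6, 2, 0), (6, 2, 3)), ((5, 4, 0), (5, 4, 5))]
# Branches the article lists as affected in every version.
AFFECTED_BRANCHES = {(6, 1), (6, 0)}
# Assumption: versions are reported as "major.minor[.patch]" with an optional "v".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch) with patch=None if absent, or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)


def classify(text):
    """Return 'affected', 'not-listed', or 'unknown' (needs manual review)."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    major, minor, patch = v
    if (major, minor) in AFFECTED_BRANCHES:
        return "affected"
    if patch is None:
        # A partly affected branch with no patch level cannot be decided.
        partial = any(lo[:2] == (major, minor) for lo, _ in AFFECTED)
        return "unknown" if partial else "not-listed"
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        return "affected"
    # Outside the listed ranges; this does not by itself mean "patched".
    return "not-listed"


def triage(inventory):
    """Map hostname -> classification for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"adc-edge-01": "7.0.1", "adc-edge-02": "v6.1.4", "adc-dc-01": "6.2.4",
          "adc-dc-02": "5.4", "adc-lab-01": "build-0123"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

`not-listed` means only that the version is outside the ranges this article names; confirm the fixed release against Fortinet's advisory before treating a device as patched.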

The vulnerability was discovered internally and reported by Gwendal Guégniaud of the Fortinet Product Security Team.




Command injection vulnerabilities allow an attacker to execute system commands through a vulnerable application. This type of attack can let the attacker take control of the application, access sensitive data, or even manipulate the underlying system. These vulnerabilities can be exploited via input fields, web forms, or URLs.

Affected parties should apply the available patches as soon as possible.

Enterprises of all sizes are at risk of various security vulnerabilities. With so much confidential information and data, it’s essential for organizations to take proactive measures to protect their businesses from potential security threats.

Milena Dimitrova
