Rewterz Threat Alert – Matiex Malware – Active IOCs
January 5, 2023Rewterz Threat Alert – GCleaner Malware – Active IOCs
January 5, 2023Rewterz Threat Alert – Matiex Malware – Active IOCs
January 5, 2023Rewterz Threat Alert – GCleaner Malware – Active IOCs
January 5, 2023Severity
High
Analysis Summary
CVE-2022-35845
Fortinet FortiTester could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection flaw in GUI and API. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands in the underlying shell.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2022-35845
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiTester 7.1.0
- Fortinet FortiTester 7.0.0
- Fortinet FortiTester 4.2.0
- Fortinet FortiTester 4.0.0
- Fortinet FortiTester 3.9.1
- Fortinet FortiTester 2.3.0
Remediation
Refer to Fortinet Security Advisory for patch, upgrade or suggested workaround information.