===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3262
 FortiAnalyzer & FortiManager - OS command injection vulnerability in CLI
                                6 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           FortiAnalyzer
                   FortiManager
Publisher:         FortiGuard
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-27483

Original Bulletin:
   https://fortiguard.fortinet.com/psirt/FG-IR-22-049

Comment: CVSS (Max):  6.8 CVE-2022-27483 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C)
         CVSS Source: FortiGuard
         Calculator:  https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?
                      vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

--------------------------BEGIN INCLUDED TEXT--------------------

FortiAnalyzer & FortiManager - OS command injection vulnerability in CLI

IR Number    : FG-IR-22-049
Date         : Jul 5, 2022
Severity     : Medium
CVSSv3 Score : 6.8
Impact       : Execute unauthorized code or commands
CVE ID       : CVE-2022-27483
Affected
Products     : FortiManager  : 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5,
                               6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8,
                               6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1,
                               6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6,
                               6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
               FortiAnalyzer : 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5,
                               6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8,
                               6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1,
                               6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6,
                               6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Summary

An improper neutralization of special elements used in an OS command ('OS
Command Injection') vulnerability [CWE-78] in FortiAnalyzer & FortiManager may
allow an authenticated attacker to execute arbitrary shell code as `root` user
via `diagnose system` CLI commands.

Affected Products

At least:
    FortiManager version 7.0.0 through 7.0.3
    FortiManager version 6.4.0 through 6.4.7
    FortiManager version 6.2.0 through 6.2.9
    FortiManager version 6.0.0 through 6.0.11
At least:
    FortiAnalyzer version 7.0.0 through 7.0.3
    FortiAnalyzer version 6.4.0 through 6.4.7
    FortiAnalyzer version 6.2.0 through 6.2.9
    FortiAnalyzer version 6.0.0 through 6.0.11

Solutions

Upgrade to FortiAnalyzer version 7.2.0 or above.
Upgrade to FortiAnalyzer version 7.0.4 or above.
Upgrade to FortiAnalyzer version 6.4.8 or above.

Upgrade to FortiManager version 7.2.0 or above.
Upgrade to FortiManager version 7.0.4 or above.
Upgrade to FortiManager version 6.4.8 or above.
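The affected ranges and fixed releases above are easy to misjudge by eye, because a plain string sort puts 6.0.11 before 6.0.2. The following triage helper is an added example (not part of the AusCERT or Fortinet bulletin) that encodes the advisory's ranges and fix versions as integer tuples and reports, for a constructed asset inventory, which devices are affected and the lowest fixed release to move to; the function names and sample hostnames are assumptions for illustration.

```python
"""Triage helper for CVE-2022-27483 (FG-IR-22-049).

Ranges and fixed releases are taken from the advisory text; the sample
inventory and function names are constructed for this example.
"""
from typing import Optional, Tuple

# Affected ranges (inclusive) per product, from "Affected Products".
AFFECTED = {
    "FortiManager": [((7, 0, 0), (7, 0, 3)), ((6, 4, 0), (6, 4, 7)),
                     ((6, 2, 0), (6, 2, 9)), ((6, 0, 0), (6, 0, 11))],
    "FortiAnalyzer": [((7, 0, 0), (7, 0, 3)), ((6, 4, 0), (6, 4, 7)),
                      ((6, 2, 0), (6, 2, 9)), ((6, 0, 0), (6, 0, 11))],
}
# Fixed releases from "Solutions". The 6.2.x and 6.0.x trains list no in-branch
# fix, so the lowest fixed release above them (6.4.8) is the fallback target.
FIXED = [(7, 2, 0), (7, 0, 4), (6, 4, 8)]

def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' into ints so 6.0.11 compares above 6.0.2."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)

def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside any affected range for the product."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED.get(product, []))

def recommended_upgrade(product: str, version: str) -> Optional[str]:
    """Lowest fixed release on the same train if one exists, else the lowest
    fixed release above the version; None when the version is not affected."""
    if not is_affected(product, version):
        return None
    v = parse_version(version)
    same_train = [f for f in FIXED if f[:2] == v[:2] and f > v]
    target = min(same_train) if same_train else min(f for f in FIXED if f > v)
    return ".".join(str(n) for n in target)

def triage(inventory):
    """inventory: iterable of (host, product, version) -> list of
    (host, affected, upgrade_target)."""
    return [(h, is_affected(p, ver), recommended_upgrade(p, ver))
            for h, p, ver in inventory]

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("fmg-01", "FortiManager", "6.0.11"),
              ("faz-01", "FortiAnalyzer", "7.0.4"),
              ("faz-02", "FortiAnalyzer", "6.2.3")]
    for row in triage(sample):
        print(row)
```

Whether a 6.2.x or 6.0.x appliance can move directly to 6.4.8 depends on the vendor's supported upgrade path, which this bulletin does not cover.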

Acknowledgement

Internally discovered and reported by Theo Leleu of Fortinet Product Security
team.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================