CVE-2022-29058

⚠️ high

Summary

An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

CVSS Score

7.8

High

EPSS Score

0.2

Exploit Probability

Published Date

2022-09-06

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.6% of all 328,009 vulnerabilities in our database.

#99,625

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Oct 23, 2024

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-89

📦 Affected Products 15

Vendor	Product	Status	Affected Versions
fortinet	fortiap-s	Affected	≥ 6.0.0 ≤ 6.0.6
fortinet	fortiap-s	Affected	≥ 6.2.0 ≤ 6.2.6
fortinet	fortiap-s	Affected	≥ 6.4.0 < 6.4.8
fortinet	fortiap-u	Affected	≥ 5.4.0 ≤ 5.4.6
fortinet	fortiap-u	Affected	≥ 6.0.0 ≤ 6.0.4
fortinet	fortiap-u	Affected	≥ 6.2.0 < 6.2.4
fortinet	fortiap-w2	Affected	≥ 6.0.0 ≤ 6.0.6
fortinet	fortiap-w2	Affected	≥ 6.2.0 ≤ 6.2.6
fortinet	fortiap-w2	Affected	≥ 6.4.0 < 6.4.8
fortinet	fortiap-w2	Affected	≥ 7.0.0 < 7.0.4
fortinet	fortiap-w2	Affected	v7.2.0
fortinet	fortiap	Affected	≥ 6.0.0 ≤ 6.0.6
fortinet	fortiap	Affected	≥ 6.4.3 < 6.4.8
fortinet	fortiap	Affected	≥ 7.0.0 < 7.0.4
fortinet	fortiap	Affected	v7.2.0

🔗 References 1

https://fortiguard.com/psirt/FG-IR-21-163

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-53680	🔶 medium	6.7	0.0	An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vul...	2026-05-12
CVE-2025-53870	🔶 medium	6.7	0.0	An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet ...	2026-05-12
CVE-2024-26012	🔶 medium	6.7	0.2	A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 a...	2025-01-14
CVE-2023-25608	🔶 medium	5.5	0.2	An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpr...	2023-09-13
CVE-2023-36634	⚠️ high	7.1	0.1	An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpr...	2023-09-13
CVE-2022-30301	⚠️ high	7.8	0.1	A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 m...	2022-07-19

These CVEs affect the same products