An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-039 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
20 Jul 2023, 17:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://fortiguard.com/psirt/FG-IR-22-039 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-22 | |
CPE | cpe:2.3:o:fortinet:fortiextender_firmware:5.3.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Fortinet fortiextender Firmware
Fortinet fortiextender Fortinet |
11 Jul 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-11 17:15
Updated : 2024-02-28 20:13
NVD link : CVE-2022-23447
Mitre link : CVE-2022-23447
CVE.ORG link : CVE-2022-23447
JSON object : View
Products Affected
fortinet
- fortiextender
- fortiextender_firmware
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')