CVE-2022-22297

CWE-7924 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 66.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortirecorder Fortinet Fortiweb Fortinet Fortirecorder Firmware

Timeline

PublishedMar 7

Description

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5fortinet/fortiweb6.4.0 — 6.4.1+4

▶NVDfortinet/fortiweb6.0.0 — 6.0.8+4

▶CVEListV5fortinet/fortirecorder6.4.0 — 6.4.3+2

▶NVDfortinet/fortirecorder_firmware2.7.0 — 2.7.7+2

🔴Vulnerability Details

CVEList

CVE-2022-22297: An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6↗2023-03-07

▶

GHSA

GHSA-x8qp-2qgw-7qxx: An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6↗2023-03-07

▶

📋Vendor Advisories

Fortinet

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpr...↗2023-03-07

▶