CVE-2022-23447

CWE-22Path Traversal4 documents4 sources
Severity
7.5HIGH
EPSS
0.1%
top 65.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet Fortiextender FirmwareFortinet Fortiextender
Timeline
PublishedJul 11

Description

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiextender_firmware3.2.13.2.4+6
CVEListV5fortinet/fortiextender7.0.07.0.3+6

🔴Vulnerability Details

2
GHSA
GHSA-vx64-9phg-mmpv: An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 72023-07-11
CVEList
CVE-2022-23447: An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 72023-07-11

📋Vendor Advisories

1
Fortinet
Path Traversal vulnerability2023-07-11
CVE-2022-23447 (HIGH CVSS 7.5) | An improper limitation of a pathnam | cvebase.io