CVE-2022-23447
published 2023-07-11CVE-2022-23447: An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiextender | — | — |
| fortinet | fortiextender | — | — |
| fortinet | fortiextender | 3.2.1 – 3.2.3 | — |
| fortinet | fortiextender | 3.3.0 – 3.3.2 | — |
| fortinet | fortiextender | 4.0.0 – 4.0.2 | — |
| fortinet | fortiextender | 4.1.1 – 4.1.8 | — |
| fortinet | fortiextender | 4.2.0 – 4.2.4 | — |
| fortinet | fortiextender | 7.0.0 – 7.0.3 | — |
| fortinet | fortiextender_firmware | — | — |
| fortinet | fortiextender_firmware | >= 3.2.1 < 3.2.4 | 3.2.4 |
| fortinet | fortiextender_firmware | >= 3.3.0 < 3.3.3 | 3.3.3 |
| fortinet | fortiextender_firmware | >= 4.0.0 < 4.0.3 | 4.0.3 |
| fortinet | fortiextender_firmware | >= 4.1.1 < 4.1.9 | 4.1.9 |
| fortinet | fortiextender_firmware | >= 4.2.0 < 4.2.5 | 4.2.5 |
| fortinet | fortiextender_firmware | >= 7.0.0 < 7.0.4 | 7.0.4 |
| fortinet | fortiextenderfirmware | — | — |