CVE-2022-30301

CWE-22: Path Traversal
4 documents, 4 sources

Severity: 6.7 MEDIUM
EPSS: 0.1% (top 70.51%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 19
Latest update: Jul 20

Description

A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: fortinet/fortiap-u, 6.0.0 to 6.0.4 (+6)
CVEListV5: fortinet/fortinet_fortiap-u, FortiAP-U 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-29rh-32p4-4934: A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6 (2022-07-20)
CVEList: CVE-2022-30301: A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6 (2022-07-18)

📋 Vendor Advisories (1)

Fortinet: Relative path traversal vulnerability in CLI (2022-07-19)