CVE-2022-33876 — Improper Input Validation in Fortinet Fortiadc

CWE-20 — Improper Input Validation CWE-444 — HTTP Request Smuggling4 documents4 sources

Severity

6.5MEDIUMNVD

CNA5.4

EPSS

0.4%

top 36.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiadc

Timeline

PublishedDec 6

Description

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5fortinet/fortiadc7.0.0 — 7.0.2+8

▶NVDfortinet/fortiadc5.1.0 — 6.2.4+4

🔴Vulnerability Details

CVEList

CVE-2022-33876: Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7↗2022-12-06

▶

GHSA

GHSA-cq96-mhx2-84m8: Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7↗2022-12-06

▶

📋Vendor Advisories

Fortinet

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through...↗2022-12-06

▶