CVE-2023-23784: Relative Path Traversal in Fortinet FortiWeb

Severity: 6.5 MEDIUM (NVD), 5.7 (CNA)
EPSS: 0.3% (top 45.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 16

Description

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, and FortiWeb 6.4 all versions allows information disclosure by an attacker via specially crafted web requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | fortinet/fortiweb | 6.3.6 | 6.3.21 | +2
CVEListV5 | fortinet/fortiweb | 7.0.0 | 7.0.2 | +2

🔴 Vulnerability Details (2)

CVEList
CVE-2023-23784: A relative path traversal in Fortinet FortiWeb version 7 | 2023-02-16
GHSA
GHSA-gr3c-hqp8-55qj: A relative path traversal in Fortinet FortiWeb version 7 | 2023-02-16

📋 Vendor Advisories (1)

Fortinet
A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, Forti... | 2023-02-16