CVE-2023-27993 — Relative Path Traversal in Fortinet Fortiadc

CWE-23 — Relative Path Traversal CWE-22 — Path Traversal4 documents4 sources

Severity

7.1HIGHNVD

CNA6.0

EPSS

0.1%

top 80.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiadc

Timeline

PublishedMay 3

Latest updateMay 4

Description

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDfortinet/fortiadc7.1.0 — 7.1.2+2

▶CVEListV5fortinet/fortiadc7.1.0 — 7.1.1+8

🔴Vulnerability Details

GHSA

GHSA-732v-x297-mcrm: A relative path traversal [CWE-23] in Fortinet FortiADC version 7↗2023-05-04

▶

CVEList

CVE-2023-27993: A relative path traversal [CWE-23] in Fortinet FortiADC version 7↗2023-05-03

▶

📋Vendor Advisories

Fortinet

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to d...↗2023-05-03

▶