CVE-2023-44251

CWE-22Path Traversal4 documents4 sources
Severity
8.8HIGH
EPSS
0.6%
top 29.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiwan
Timeline
PublishedDec 13

Description

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:HExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

CVEListV5fortinet/fortiwan5.2.05.2.1+1
NVDfortinet/fortiwan4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-jgpr-rr69-24ch: ** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet For2023-12-13
CVEList
CVE-2023-44251: ** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet For2023-12-13

📋Vendor Advisories

1
Fortinet
** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerab...2023-12-13
CVE-2023-44251 (HIGH CVSS 8.8) | ** UNSUPPORTED WHEN ASSIGNED **A im | cvebase.io