{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23447", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2022-01-19T07:38:03.514Z", "datePublished": "2023-07-11T16:52:42.353Z", "dateUpdated": "2024-10-23T14:25:28.182Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiExtender", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.3", "status": "affected"}, {"version": "5.3.2", "status": "affected"}, {"versionType": "semver", "version": "4.2.0", "lessThanOrEqual": "4.2.4", "status": "affected"}, {"versionType": "semver", "version": "4.1.1", "lessThanOrEqual": "4.1.8", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.3.0", "lessThanOrEqual": "3.3.2", "status": "affected"}, {"versionType": "semver", "version": "3.2.1", "lessThanOrEqual": "3.2.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve\u00a0arbitrary files from the underlying filesystem via specially crafted web requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-07-11T16:52:42.353Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiExtender version 7.2.0 or above Please upgrade to FortiExtender version 7.0.4 or above Please upgrade to FortiExtender version 4.2.5 or above Please upgrade to FortiExtender version 4.1.9 or above Please upgrade to FortiExtender version 4.0.3 or above Please upgrade to FortiExtender version 3.3.3 or above Please upgrade to FortiExtender version 3.2.4 or above "}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-039", "url": "https://fortiguard.com/psirt/FG-IR-22-039"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.110Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-039", "url": "https://fortiguard.com/psirt/FG-IR-22-039", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:15:33.419696Z", "id": "CVE-2022-23447", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:25:28.182Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-039", "name": "https://fortiguard.com/psirt/FG-IR-22-039", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.110Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T14:15:33.419696Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:18:03.555Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiExtender", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.3"}, {"status": "affected", "version": "5.3.2"}, {"status": "affected", "version": "4.2.0", "versionType": "semver", "lessThanOrEqual": "4.2.4"}, {"status": "affected", "version": "4.1.1", "versionType": "semver", "lessThanOrEqual": "4.1.8"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.3.0", "versionType": "semver", "lessThanOrEqual": "3.3.2"}, {"status": "affected", "version": "3.2.1", "versionType": "semver", "lessThanOrEqual": "3.2.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiExtender version 7.2.0 or above Please upgrade to FortiExtender version 7.0.4 or above Please upgrade to FortiExtender version 4.2.5 or above Please upgrade to FortiExtender version 4.1.9 or above Please upgrade to FortiExtender version 4.0.3 or above Please upgrade to FortiExtender version 3.3.3 or above Please upgrade to FortiExtender version 3.2.4 or above "}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-039", "name": "https://fortiguard.com/psirt/FG-IR-22-039"}], "descriptions": [{"lang": "en", "value": "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve\u00a0arbitrary files from the underlying filesystem via specially crafted web requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-07-11T16:52:42.353Z"}}}, "cveMetadata": {"cveId": "CVE-2022-23447", "state": "PUBLISHED", "dateUpdated": "2024-10-23T14:25:28.182Z", "dateReserved": "2022-01-19T07:38:03.514Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-07-11T16:52:42.353Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7C7C2CF-4343-4DC6-A9CC-2AD085FF4719", "versionEndExcluding": "3.2.4", "versionStartIncluding": "3.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF3BA216-3C90-451D-99AC-DC64259A1312", "versionEndExcluding": "3.3.3", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "42280061-9248-48CF-98E1-89B83D044137", "versionEndExcluding": "4.0.3", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6594D0E-3A47-4E9F-B020-FBC2C1AED759", "versionEndExcluding": "4.1.9", "versionStartIncluding": "4.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A96D42-A019-422C-AB50-7CAF378FDDE5", "versionEndExcluding": "4.2.5", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "46532FCC-760C-43ED-8DC4-81427D279980", "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortiextender_firmware:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CC2C9D3-01FD-4D5B-AE85-05B0CA6C99AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortiextender:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0617C1D-E321-409D-B54B-775E854A03C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve\u00a0arbitrary files from the underlying filesystem via specially crafted web requests."}], "id": "CVE-2022-23447", "lastModified": "2024-11-21T06:48:34.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-11T17:15:10.383", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-039"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}