An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in the FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, and 5.3 (all versions) may allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
References
| Link | Providers |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-039 | |
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-07-11T16:52:42.353Z
Updated: 2024-08-03T03:43:46.110Z
Reserved: 2022-01-19T07:38:03.514Z
Link: CVE-2022-23447
NVD
Status: Modified
Published: 2023-07-11T17:15:10.383
Modified: 2023-11-07T03:44:09.007
Link: CVE-2022-23447