An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-471 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-07-11T16:52:51.034Z
Updated: 2024-08-02T11:25:19.249Z
Reserved: 2023-02-08T13:42:03.366Z
Link: CVE-2023-25606
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-11T17:15:12.780
Modified: 2023-11-07T04:09:03.617
Link: CVE-2023-25606
Redhat
No data.