ID

VAR-202212-0781


CVE

CVE-2022-33876


TITLE

fortinet's  FortiADC  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023123

DESCRIPTION

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. fortinet's FortiADC There is an input validation vulnerability in.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-33876 // JVNDB: JVNDB-2022-023123 // VULHUB: VHN-426027

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiadcscope:lteversion:6.2.4

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:eqversion:7.0.2

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:eqversion:7.1.0

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:eqversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:eqversion:7.0.1

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:gteversion:5.1.0

Trust: 1.0

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.0.2

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:5.1.0 to 6.2.4

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope: - version: -

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-023123 // NVD: CVE-2022-33876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33876
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-33876
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-33876
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202212-2589
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-33876
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-33876
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-33876
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023123 // CNNVD: CNNVD-202212-2589 // NVD: CVE-2022-33876 // NVD: CVE-2022-33876

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-444

Trust: 0.1

sources: VULHUB: VHN-426027 // JVNDB: JVNDB-2022-023123 // NVD: CVE-2022-33876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2589

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202212-2589

PATCH

title:FG-IR-22-253url:https://www.fortiguard.com/psirt/FG-IR-22-253

Trust: 0.8

title:Fortinet FortiADC Remediation measures for environmental problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=216782

Trust: 0.6

sources: JVNDB: JVNDB-2022-023123 // CNNVD: CNNVD-202212-2589

EXTERNAL IDS

db:NVDid:CVE-2022-33876

Trust: 3.3

db:JVNDBid:JVNDB-2022-023123

Trust: 0.8

db:CNNVDid:CNNVD-202212-2589

Trust: 0.6

db:VULHUBid:VHN-426027

Trust: 0.1

sources: VULHUB: VHN-426027 // JVNDB: JVNDB-2022-023123 // CNNVD: CNNVD-202212-2589 // NVD: CVE-2022-33876

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-253

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-33876

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33876/

Trust: 0.6

sources: VULHUB: VHN-426027 // JVNDB: JVNDB-2022-023123 // CNNVD: CNNVD-202212-2589 // NVD: CVE-2022-33876

SOURCES

db:VULHUBid:VHN-426027
db:JVNDBid:JVNDB-2022-023123
db:CNNVDid:CNNVD-202212-2589
db:NVDid:CVE-2022-33876

LAST UPDATE DATE

2024-08-14T15:16:20.743000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-426027date:2022-12-07T00:00:00
db:JVNDBid:JVNDB-2022-023123date:2023-11-27T05:58:00
db:CNNVDid:CNNVD-202212-2589date:2022-12-08T00:00:00
db:NVDid:CVE-2022-33876date:2023-11-07T03:48:23.177

SOURCES RELEASE DATE

db:VULHUBid:VHN-426027date:2022-12-06T00:00:00
db:JVNDBid:JVNDB-2022-023123date:2023-11-27T00:00:00
db:CNNVDid:CNNVD-202212-2589date:2022-12-06T00:00:00
db:NVDid:CVE-2022-33876date:2022-12-06T17:15:10.813