ID

VAR-202302-1268


CVE

CVE-2022-30300


TITLE

Path traversal vulnerability in Fortinet's FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004470

DESCRIPTION

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. A path traversal vulnerability exists in Fortinet's FortiWeb. Information may be obtained.

Trust: 1.8

sources: NVD: CVE-2022-30300 // JVNDB: JVNDB-2023-004470 // VULHUB: VHN-421794 // VULMON: CVE-2022-30300

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.6

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 6.3.19

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 7.0.1

Trust: 1.0

vendor: フォーティネット, model: fortiweb, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 6.4.2

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 6.4.1

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 6.3.6 or later, earlier than 6.3.19

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 7.0.1

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 6.4.0

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: 7.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004470 // NVD: CVE-2022-30300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30300
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-30300
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-30300
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-1446
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-30300
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-30300
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446 // NVD: CVE-2022-30300 // NVD: CVE-2022-30300

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-23

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-421794 // JVNDB: JVNDB-2023-004470 // NVD: CVE-2022-30300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1446

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202302-1446

PATCH

title: FG-IR-22-136, url: https://fortiguard.com/psirt/FG-IR-22-136

Trust: 0.8

title: Fortinet FortiWeb Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226659

Trust: 0.6

sources: JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446

EXTERNAL IDS

db: NVD, id: CVE-2022-30300

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004470

Trust: 0.8

db: AUSCERT, id: ESB-2023.1154

Trust: 0.6

db: CNNVD, id: CNNVD-202302-1446

Trust: 0.6

db: VULHUB, id: VHN-421794

Trust: 0.1

db: VULMON, id: CVE-2022-30300

Trust: 0.1

sources: VULHUB: VHN-421794 // VULMON: CVE-2022-30300 // JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446 // NVD: CVE-2022-30300

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-136

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-30300

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-30300/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1154

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-421794 // VULMON: CVE-2022-30300 // JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446 // NVD: CVE-2022-30300

SOURCES

db: VULHUB, id: VHN-421794
db: VULMON, id: CVE-2022-30300
db: JVNDB, id: JVNDB-2023-004470
db: CNNVD, id: CNNVD-202302-1446
db: NVD, id: CVE-2022-30300

LAST UPDATE DATE

2024-08-14T14:49:19.278000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-421794, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2022-30300, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004470, date: 2023-10-30T07:31:00
db: CNNVD, id: CNNVD-202302-1446, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2022-30300, date: 2023-11-07T03:47:13.200

SOURCES RELEASE DATE

db: VULHUB, id: VHN-421794, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2022-30300, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004470, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1446, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2022-30300, date: 2023-02-16T19:15:12.403