Details of VAR-202302-1268

ID

VAR-202302-1268

CVE

CVE-2022-30300

TITLE

fortinet's Fortiweb Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004470

DESCRIPTION

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. fortinet's Fortiweb Exists in a past traversal vulnerability.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-30300 // JVNDB: JVNDB-2023-004470 // VULHUB: VHN-421794 // VULMON: CVE-2022-30300

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.3.6	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	6.3.19	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.4.1	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	6.4.2	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.4.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.4.1	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.3.6 that's all 6.3.19	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	7.0.1	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	6.4.0	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	eq	version:	7.0.0	Trust: 0.8

sources: JVNDB: JVNDB-2023-004470 // NVD: CVE-2022-30300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30300
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2022-30300
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-30300
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-1446
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-30300
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-30300
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446 // NVD: CVE-2022-30300 // NVD: CVE-2022-30300

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	CWE-23	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-421794 // JVNDB: JVNDB-2023-004470 // NVD: CVE-2022-30300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1446

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202302-1446

PATCH

title:	FG-IR-22-136	url:	https://fortiguard.com/psirt/FG-IR-22-136	Trust: 0.8
title:	Fortinet FortiWeb Repair measures for path traversal vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226659	Trust: 0.6

sources: JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30300	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-004470	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.1154	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1446	Trust: 0.6
db:	VULHUB	id:	VHN-421794	Trust: 0.1
db:	VULMON	id:	CVE-2022-30300	Trust: 0.1

sources: VULHUB: VHN-421794 // VULMON: CVE-2022-30300 // JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446 // NVD: CVE-2022-30300

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-136	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30300	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-30300/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1154	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-421794 // VULMON: CVE-2022-30300 // JVNDB: JVNDB-2023-004470 // CNNVD: CNNVD-202302-1446 // NVD: CVE-2022-30300

SOURCES

db:	VULHUB	id:	VHN-421794
db:	VULMON	id:	CVE-2022-30300
db:	JVNDB	id:	JVNDB-2023-004470
db:	CNNVD	id:	CNNVD-202302-1446
db:	NVD	id:	CVE-2022-30300

LAST UPDATE DATE

2024-08-14T14:49:19.278000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421794	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2022-30300	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004470	date:	2023-10-30T07:31:00
db:	CNNVD	id:	CNNVD-202302-1446	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2022-30300	date:	2023-11-07T03:47:13.200

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421794	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-30300	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2023-004470	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1446	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-30300	date:	2023-02-16T19:15:12.403