ID

VAR-202302-1464


CVE

CVE-2022-30299


TITLE

Path traversal vulnerability in Fortinet FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2023-004469

DESCRIPTION

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. Fortinet FortiWeb contains a path traversal vulnerability. Information may be obtained.

Trust: 1.8

sources: NVD: CVE-2022-30299 // JVNDB: JVNDB-2023-004469 // VULHUB: VHN-421793 // VULMON: CVE-2022-30299

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lte, version: 6.1.3

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.0.8

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.2

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 7.0.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.1.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lt, version: 6.3.20

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.2.7

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.2.0

Trust: 1.0

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.2.0 to 6.2.7

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.0.0 to 6.0.8

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.2

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 7.0.0

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 7.0.1

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.3.0 or later, before 6.3.20

Trust: 0.8

vendor: Fortinet, model: fortiweb, scope: eq, version: 6.1.0 to 6.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2023-004469 // NVD: CVE-2022-30299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30299
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-30299
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-30299
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-1447
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-30299
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-30299
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-30299
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004469 // CNNVD: CNNVD-202302-1447 // NVD: CVE-2022-30299 // NVD: CVE-2022-30299

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-23

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-421793 // JVNDB: JVNDB-2023-004469 // NVD: CVE-2022-30299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1447

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202302-1447

PATCH

title: FG-IR-22-146, url: https://fortiguard.com/psirt/FG-IR-22-146

Trust: 0.8

title: Fortinet FortiWeb Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226660

Trust: 0.6

sources: JVNDB: JVNDB-2023-004469 // CNNVD: CNNVD-202302-1447

EXTERNAL IDS

db: NVD, id: CVE-2022-30299

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004469

Trust: 0.8

db: AUSCERT, id: ESB-2023.1156

Trust: 0.6

db: CNNVD, id: CNNVD-202302-1447

Trust: 0.6

db: VULHUB, id: VHN-421793

Trust: 0.1

db: VULMON, id: CVE-2022-30299

Trust: 0.1

sources: VULHUB: VHN-421793 // VULMON: CVE-2022-30299 // JVNDB: JVNDB-2023-004469 // CNNVD: CNNVD-202302-1447 // NVD: CVE-2022-30299

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-146

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2022-30299

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-30299/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2023.1156

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-421793 // VULMON: CVE-2022-30299 // JVNDB: JVNDB-2023-004469 // CNNVD: CNNVD-202302-1447 // NVD: CVE-2022-30299

SOURCES

db: VULHUB, id: VHN-421793
db: VULMON, id: CVE-2022-30299
db: JVNDB, id: JVNDB-2023-004469
db: CNNVD, id: CNNVD-202302-1447
db: NVD, id: CVE-2022-30299

LAST UPDATE DATE

2024-08-14T14:36:59.865000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-421793, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2022-30299, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004469, date: 2023-10-30T07:31:00
db: CNNVD, id: CNNVD-202302-1447, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2022-30299, date: 2023-11-07T03:47:13.117

SOURCES RELEASE DATE

db: VULHUB, id: VHN-421793, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2022-30299, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004469, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1447, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2022-30299, date: 2023-02-16T19:15:12.337