ID

VAR-202307-1027


CVE

CVE-2022-23447


TITLE

Fortinet FortiExtender Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202307-793

DESCRIPTION

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

Trust: 0.99

sources: NVD: CVE-2022-23447 // VULMON: CVE-2022-23447

AFFECTED PRODUCTS

vendor: fortinet, model: fortiextender, scope: lt, version: 7.0.4

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: lt, version: 4.1.9

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: lt, version: 3.2.4

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: gte, version: 4.2.0

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: lt, version: 3.3.3

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: gte, version: 3.3.0

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: lt, version: 4.0.3

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: eq, version: 5.3.2

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: gte, version: 3.2.1

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: lt, version: 4.2.5

Trust: 1.0

vendor: fortinet, model: fortiextender, scope: gte, version: 4.1.1

Trust: 1.0

sources: NVD: CVE-2022-23447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23447
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-23447
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202307-793
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-23447
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202307-793 // NVD: CVE-2022-23447 // NVD: CVE-2022-23447

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

sources: NVD: CVE-2022-23447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-793

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202307-793

PATCH

title: Fortinet FortiExtender Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=246954

Trust: 0.6

sources: CNNVD: CNNVD-202307-793

EXTERNAL IDS

db: NVD, id: CVE-2022-23447

Trust: 1.7

db: CNNVD, id: CNNVD-202307-793

Trust: 0.6

db: VULMON, id: CVE-2022-23447

Trust: 0.1

sources: VULMON: CVE-2022-23447 // CNNVD: CNNVD-202307-793 // NVD: CVE-2022-23447

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-039

Trust: 1.7

url: https://cxsecurity.com/cveshow/cve-2022-23447/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-23447 // CNNVD: CNNVD-202307-793 // NVD: CVE-2022-23447

SOURCES

db: VULMON, id: CVE-2022-23447
db: CNNVD, id: CNNVD-202307-793
db: NVD, id: CVE-2022-23447

LAST UPDATE DATE

2024-08-14T14:54:38.818000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-23447, date: 2023-07-12T00:00:00
db: CNNVD, id: CNNVD-202307-793, date: 2023-07-21T00:00:00
db: NVD, id: CVE-2022-23447, date: 2023-11-07T03:44:09.007

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-23447, date: 2023-07-11T00:00:00
db: CNNVD, id: CNNVD-202307-793, date: 2023-07-11T00:00:00
db: NVD, id: CVE-2022-23447, date: 2023-07-11T17:15:10.383