Details of VAR-202312-1198

ID

VAR-202312-1198

CVE

CVE-2023-44251

TITLE

fortinet's FortiWan Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-020075

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests. ** Not supported ** This issue is a vulnerability in an unsupported product. fortinet's FortiWan Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWAN is a network device from the American company Fortinet. Used to perform load balancing and fault tolerance between different networks

Trust: 2.16

sources: NVD: CVE-2023-44251 // JVNDB: JVNDB-2023-020075 // CNVD: CNVD-2024-14773

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-14773

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiwan	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	fortinet	model:	fortiwan	scope:	eq	version:	5.1.2	Trust: 1.6
vendor:	fortinet	model:	fortiwan	scope:	eq	version:	5.2.0	Trust: 1.6
vendor:	fortinet	model:	fortiwan	scope:	eq	version:	5.2.1	Trust: 1.6
vendor:	フォーティネット	model:	fortiwan	scope:	eq	version:	5.2.1	Trust: 0.8
vendor:	フォーティネット	model:	fortiwan	scope:	eq	version:	5.1.1	Trust: 0.8
vendor:	フォーティネット	model:	fortiwan	scope:	eq	version:	5.1.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiwan	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiwan	scope:	eq	version:	5.2.0	Trust: 0.8

sources: CNVD: CNVD-2024-14773 // JVNDB: JVNDB-2023-020075 // NVD: CVE-2023-44251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-44251
value:	HIGH
Trust: 1.0
psirt@fortinet.com:	CVE-2023-44251
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-44251
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-14773
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-14773
severity:	HIGH
baseScore:	8.7
vectorString:	AV:N/AC:L/AU:S/C:C/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-44251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2023-44251
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2023-44251
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-14773 // JVNDB: JVNDB-2023-020075 // NVD: CVE-2023-44251 // NVD: CVE-2023-44251

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-020075 // NVD: CVE-2023-44251

PATCH

title:

FG-IR-23-265

url:

https://fortiguard.com/psirt/FG-IR-23-265

Trust: 0.8

sources: JVNDB: JVNDB-2023-020075

EXTERNAL IDS

db:	NVD	id:	CVE-2023-44251	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-020075	Trust: 0.8
db:	CNVD	id:	CNVD-2024-14773	Trust: 0.6

sources: CNVD: CNVD-2024-14773 // JVNDB: JVNDB-2023-020075 // NVD: CVE-2023-44251

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2023-44251	Trust: 1.4
url:	https://fortiguard.com/psirt/fg-ir-23-265	Trust: 1.0

sources: CNVD: CNVD-2024-14773 // JVNDB: JVNDB-2023-020075 // NVD: CVE-2023-44251

SOURCES

db:	CNVD	id:	CNVD-2024-14773
db:	JVNDB	id:	JVNDB-2023-020075
db:	NVD	id:	CVE-2023-44251

LAST UPDATE DATE

2024-08-14T14:09:38.708000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-14773	date:	2024-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2023-020075	date:	2024-01-16T01:51:00
db:	NVD	id:	CVE-2023-44251	date:	2023-12-18T17:34:13.253

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-14773	date:	2024-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2023-020075	date:	2024-01-16T00:00:00
db:	NVD	id:	CVE-2023-44251	date:	2023-12-13T09:15:34.280