Unrated severity · NVD Advisory · Published Jul 11, 2023 · Updated Oct 23, 2024
CVE-2022-23447
Description
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Affected products
- (no CPE) range: 7.0.0-7.0.3, 4.2.0-4.2.4, 4.1.1-4.1.8, 4.0.0-4.0.2, 3.3.0-3.3.2, 3.2.1-3.2.3, 5.3 all versions
- (no CPE) range: 7.0.0