VYPR
Unrated severity · NVD Advisory · Published Jul 11, 2023 · Updated Oct 23, 2024

CVE-2022-23447

Description

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

Affected products

2
  • Fortinet/FortiExtender (2 versions)
    7.0.0-7.0.3, 4.2.0-4.2.4, 4.1.1-4.1.8, 4.0.0-4.0.2, 3.3.0-3.3.2, 3.2.1-3.2.3, 5.3 all versions
    • (no CPE) range: 7.0.0-7.0.3, 4.2.0-4.2.4, 4.1.1-4.1.8, 4.0.0-4.0.2, 3.3.0-3.3.2, 3.2.1-3.2.3, 5.3 all versions
    • (no CPE) range: 7.0.0
