exploitDog

GHSA-jgpr-rr69-24ch

Опубликовано: 13 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.3

Описание

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.

Ссылки

EPSS

Процентиль: 70%

0.00627

Низкий

8.3 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-44251

CVSS3: 8.3

nvd

около 2 лет назад

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.

BDU:2023-08822

CVSS3: 8.3

fstec

около 2 лет назад

Уязвимость системы балансировки трафика FortiWAN, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных и выполнить произвольные команды

EPSS

Процентиль: 70%

0.00627

Низкий

8.3 High

CVSS3

CVE ID

Дефекты

CWE-22