CVE-2022-22297

EPSS 0.06%
Published 07.03.2023 17:15:11
Last modified 21.11.2024 06:46:35
Source psirt@fortinet.com
Teams watchlist Login
Open Login

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Fortinet ≫ Fortiweb Version >= 6.0.0 <= 6.0.8

Fortinet ≫ Fortiweb Version >= 6.1.0 <= 6.1.3

Fortinet ≫ Fortiweb Version >= 6.2.0 <= 6.2.7

Fortinet ≫ Fortiweb Version >= 6.3.0 <= 6.3.17

Fortinet ≫ Fortiweb Version >= 6.4.0 <= 6.4.3

Fortinet ≫ Fortirecorder Firmware Version >= 2.7.0 <= 2.7.7

Fortinet ≫ Fortirecorder Firmware Version >= 6.0.0 <= 6.0.12

Fortinet ≫ Fortirecorder Firmware Version >= 6.4.0 <= 6.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.162

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@fortinet.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-792 Incomplete Filtering of One or More Instances of Special Elements

The product receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.

https://fortiguard.com/psirt/FG-IR-21-218

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22297

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22297

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22297

EUVD