PT-2023-1498 · Fortinet · Fortiweb

Published: 2023-02-16 · Updated: 2023-03-09 · CVE-2023-22636

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

- FortiWeb versions 6.3.6 through 6.3.21
- FortiWeb versions 6.4.0 through 6.4.2
- FortiWeb versions 7.0.0 through 7.0.4

Description

This is an unauthorized configuration download vulnerability. It may allow a local attacker to access confidential configuration files via a crafted HTTP request, potentially disclosing protected information.

Recommendations

- For FortiWeb versions 6.3.6 through 6.3.21, update to a version outside of this range to mitigate the risk.
- For FortiWeb versions 6.4.0 through 6.4.2, update to a version outside of this range to mitigate the risk.
- For FortiWeb versions 7.0.0 through 7.0.4, update to a version outside of this range to mitigate the risk.
- As a temporary workaround, consider restricting access to the HTTP request functionality until a patch is available.

Fix

Improper Authorization

Information Disclosure


Weakness Enumeration

Related identifiers

BDU:2023-00920
CVE-2023-22636

Affected products

Fortiweb