PT-2023-1737 · Fortinet · Fortirecorder+1

Published: 2023-03-07 · Updated: 2023-03-14 · CVE-2022-22297

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiWeb versions 6.0 through 6.4.1
FortiRecorder versions 2.7 through 6.4.3

Description

The issue is related to incomplete filtering of one or more instances of special elements in the command line interpreter. This may allow an authenticated user to read arbitrary files via specially crafted command arguments.

Recommendations

For FortiWeb versions 6.0 through 6.4.1, update to a version that includes the fix for this issue. For FortiRecorder versions 2.7 through 6.4.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the command line interpreter to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2023-01328
CVE-2022-22297

Affected Products

Fortirecorder
Fortiweb