PT-2022-6093 · Fortinet · Fortiadc

Published: 2022-12-06 · Updated: 2023-08-08 · CVE-2022-33876

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiADC versions 6.2.4 and below
Fortinet FortiADC versions 7.0.0 through 7.0.2
Fortinet FortiADC version 7.1.0

Description

The issue is related to improper input validation, allowing an authenticated attacker to retrieve files with specific extensions from the underlying Linux system via crafted HTTP requests. This can be exploited by a remote attacker.

Recommendations

For Fortinet FortiADC versions 6.2.4 and below, update to a version above 6.2.4 to resolve the issue.
For Fortinet FortiADC versions 7.0.0 through 7.0.2, update to a version above 7.0.2 to resolve the issue.
For Fortinet FortiADC version 7.1.0, update to a version above 7.1.0 to resolve the issue.
As a temporary workaround, consider restricting access to the HTTP requests that can exploit this issue until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-00031
CVE-2022-33876

Affected Products

Fortiadc