PT-2023-1500 · Fortinet · Fortiweb
Published: 2023-02-16 · Updated: 2023-02-24
CVE-2022-30300
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiWeb versions 6.3.6 through 6.3.18
FortiWeb versions 6.4
FortiWeb versions 7.0.0 through 7.0.1
Description
FortiWeb contains a relative path traversal weakness: the code that serves files does not properly limit a user-supplied path name to its intended directory, so "../" style sequences can step outside it. An authenticated attacker can exploit this with specially crafted HTTP GET requests to read files and data they are not authorised to access. The CVSS vector reflects this: network reachable, low complexity, single authentication required, full confidentiality impact, no impact on integrity or availability.
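The two halves of that description, a path check that stops at the wrong point and the authenticated GET that abuses it, as an added example that is not from the advisory and not Fortinet's code: a naive resolver beside a confined one, and a detector that flags traversal attempts, including URL-encoded and double-encoded forms, in access-log lines. The document root, endpoint paths and log lines are constructed for illustration; the advisory does not name the affected FortiWeb endpoint, so nothing here reproduces it.

```python
"""Added example (not from the advisory or from Fortinet): a relative path
traversal bug next to its hardened form, plus a detector for traversal
attempts in HTTP access logs. Paths, document root and log lines are
constructed for illustration only."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

WEB_ROOT = "/var/www/static"  # assumed document root, illustrative only


def resolve_naive(user_path: str) -> str:
    """Vulnerable pattern: join the request path onto the document root and
    normalise it, but never check that the result still lies under WEB_ROOT.
    A path such as '../../../etc/passwd' therefore escapes the directory."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, user_path.lstrip("/")))


def resolve_confined(user_path: str) -> Optional[str]:
    """Hardened pattern: decode (twice, to collapse double encoding), reject
    NUL bytes, canonicalise, then require that the canonical path is WEB_ROOT
    itself or sits beneath it. Comparing against WEB_ROOT + '/' rather than
    a bare prefix also blocks sibling directories like '/var/www/static2'."""
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


def is_traversal_attempt(request_target: str) -> bool:
    """True when any path segment of the request target is '..' after
    decoding one or two layers of URL encoding and unifying slash styles.
    Checking whole segments avoids false positives on names like 'logo..png'."""
    path = request_target.split("?", 1)[0]
    decoded = unquote(unquote(path)).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


# Constructed Common Log Format lines; the targets are invented.
SAMPLE_LOG = """\
10.0.0.5 - admin [16/Feb/2023:10:01:02 +0000] "GET /static/css/main.css HTTP/1.1" 200 512
10.0.0.9 - admin [16/Feb/2023:10:01:07 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 200 1024
10.0.0.9 - admin [16/Feb/2023:10:01:09 +0000] "GET /static/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0
10.0.0.9 - admin [16/Feb/2023:10:01:11 +0000] "GET /static/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 200 300
10.0.0.7 - - [16/Feb/2023:10:02:00 +0000] "GET /static/img/logo..png HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_traversal_requests(log_text: str) -> List[Tuple[str, str, str, int]]:
    """Return (source, user, target, status) for every GET whose target
    contains a traversal segment. Status 200 on a hit is the signal that the
    server actually served the escaped path; 403 shows a blocked attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "GET" and is_traversal_attempt(m["target"]):
            hits.append((m["src"], m["user"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    print("naive   :", resolve_naive("../../../etc/passwd"))
    print("confined:", resolve_confined("../../../etc/passwd"))
    for hit in find_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The detector decodes twice on purpose: single-encoded `%2e%2e` and double-encoded `%252e%252e` both collapse to `..`, which is the form a decoder in front of a file-serving handler would finally see. Pair it with the authenticated-user field, since this flaw requires a valid session, and alert on status 200 rather than 403.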
Recommendations
For FortiWeb 6.3.6 through 6.3.18, upgrade to a fixed 6.3 release later than 6.3.18, or to a fixed release in a later branch.
For FortiWeb 6.4, which is listed without a sub-range, upgrade to a fixed release in a later branch.
For FortiWeb 7.0.0 through 7.0.1, upgrade to a fixed 7.0 release later than 7.0.1.
Until the upgrade is applied, reduce exposure rather than trying to filter "crafted" requests: restrict access to the FortiWeb web interface to trusted administrative networks, keep the set of accounts that can authenticate to it minimal (the flaw requires authentication), and review access logs for traversal sequences such as ../ in GET requests, including their URL-encoded and double-encoded forms.
Weakness
Relative Path Traversal (CWE-23), a form of path traversal
Related Identifiers
CVE-2022-30300
Affected Products
FortiWeb (Fortinet)