PT-2023-1737 · Fortinet · FortiRecorder, FortiWeb

Published: 2023-03-07 · Updated: 2023-03-14 · CVE-2022-22297

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.0 through 6.4.1; FortiRecorder versions 2.7 through 6.4.3

Description: The vulnerability is caused by incomplete filtering of one or more special elements in the command line interpreter. An authenticated user may exploit it to read arbitrary files by supplying specially crafted command arguments.

Recommendations: For FortiWeb versions 6.0 through 6.4.1, update to a version that includes the fix for this issue. For FortiRecorder versions 2.7 through 6.4.3, update to a version that includes the fix for this issue. As a temporary workaround, restrict access to the command line interpreter to reduce the risk of exploitation.


Weakness Enumeration

Related Identifiers

BDU:2023-01328
CVE-2022-22297

Affected Products

FortiRecorder
FortiWeb