Lucene search

FortinetCVE-2022-29062

HistorySep 06, 2022 - 6:15 p.m.

CVE-2022-29062

2022-09-0618:15:13

CWE-22

fortinet

web.nvd.nist.gov

cve-2022-29062

fortinet fortisoar

path traversal

cwe-23

nvd

security vulnerability

nginx permissions

http requests

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.

Affected configurations

Nvd

Node

fortinetfortisoarRange7.0.0–7.0.3

fortinetfortisoarMatch7.2.0

VendorProductVersionCPE
fortinetfortisoar*cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
fortinetfortisoar7.2.0cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortisoar	*	cpe:2.3:a:fortinet:fortisoar::::::::
fortinet	fortisoar	7.2.0	cpe:2.3:a:fortinet:fortisoar:7.2.0:::::::*

CNA Affected

[
  {
    "product": "Fortinet FortiSOAR",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiSOAR 7.2.0, 7.0.2, 7.0.1, 7.0.0"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-154

Social References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

Related for CVE-2022-29062