Lucene search

FortinetCVE-2022-33876

HistoryDec 06, 2022 - 5:15 p.m.

CVE-2022-33876

2022-12-0617:15:10

CWE-20

fortinet

web.nvd.nist.gov

cve-2022-33876

fortinet fortiadc

input validation

vulnerability

http requests

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

27.7%

JSON

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.

Affected configurations

Nvd

Node

fortinetfortiadcRange5.1.0–6.2.4

fortinetfortiadcMatch7.0.0

fortinetfortiadcMatch7.0.1

fortinetfortiadcMatch7.0.2

fortinetfortiadcMatch7.1.0

VendorProductVersionCPE
fortinetfortiadc*cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
fortinetfortiadc7.0.0cpe:2.3:a:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*
fortinetfortiadc7.0.1cpe:2.3:a:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*
fortinetfortiadc7.0.2cpe:2.3:a:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*
fortinetfortiadc7.1.0cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiadc	*	cpe:2.3:a:fortinet:fortiadc::::::::
fortinet	fortiadc	7.0.0	cpe:2.3:a:fortinet:fortiadc:7.0.0:::::::*
fortinet	fortiadc	7.0.1	cpe:2.3:a:fortinet:fortiadc:7.0.1:::::::*
fortinet	fortiadc	7.0.2	cpe:2.3:a:fortinet:fortiadc:7.0.2:::::::*
fortinet	fortiadc	7.1.0	cpe:2.3:a:fortinet:fortiadc:7.1.0:::::::*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiADC",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "7.1.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.1.0",
        "lessThanOrEqual": "6.1.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.4.0",
        "lessThanOrEqual": "5.4.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.3.0",
        "lessThanOrEqual": "5.3.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.2.0",
        "lessThanOrEqual": "5.2.8",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.1.0",
        "lessThanOrEqual": "5.1.7",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-253

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

27.7%

JSON

Related for CVE-2022-33876