Lucene search

K
cveFortinetCVE-2022-42477
HistoryApr 11, 2023 - 5:15 p.m.

CVE-2022-42477

2023-04-1117:15:07
CWE-20
fortinet
web.nvd.nist.gov
21
cve-2022-42477
cwe-20
fortianalyzer
input validation
information disclosure
sql injection

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RC:R

AI Score

5.5

Confidence

High

EPSS

0

Percentile

9.0%

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.

Affected configurations

Nvd
Node
fortinetfortianalyzerRange6.4.07.0.7
OR
fortinetfortianalyzerMatch7.2.0
VendorProductVersionCPE
fortinetfortianalyzer*cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
fortinetfortianalyzer7.2.0cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiAnalyzer",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.10",
        "status": "affected"
      }
    ]
  }
]

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RC:R

AI Score

5.5

Confidence

High

EPSS

0

Percentile

9.0%

Related for CVE-2022-42477