Lucene search
FortinetCVELIST:CVE-2022-29062HistorySep 06, 2022 - 3:10 p.m.
CVE-2022-29062
2022-09-0615:10:24
fortinet
www.cve.org
3
fortinet fortisoar
path traversal
cwe-23
nginx permissions
crafted http requests
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RC:C
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
36.7%
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.
CNA Affected
[
{
"product": "Fortinet FortiSOAR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiSOAR 7.2.0, 7.0.2, 7.0.1, 7.0.0"
}
]
}
]References
Related
fortinet
fortinet
FortiSOAR - Path traversal vulnerabilities in the web API
2022-09-06 00:00:00
prion
prion
Path traversal
2022-09-06 18:15:00
cve
cve
CVE-2022-29062
2022-09-06 18:15:13
nvd
nvd
CVE-2022-29062
2022-09-06 18:15:13
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RC:C
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
36.7%
Related for CVELIST:CVE-2022-29062