Lucene search
HistoryFeb 27, 2023 - 9:15 a.m.
CVE-2023-22636
fortiweb
cve-2023-22636
configuration download.
CVSS3
3.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.6
Confidence
High
EPSS
0
Percentile
5.1%
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.
Affected configurations
Node
fortinetfortiwebRange6.3.6–6.3.21
ORfortinetfortiwebRange6.4.0–6.4.2
ORfortinetfortiwebRange7.0.0–7.0.4
References
Related
cnvd
cnvd
Fortinet FortiWeb has an unspecified vulnerability (CNVD-2023-18296)
2023-02-27 00:00:00
cvelist
cvelist
CVE-2023-22636
2023-02-27 08:55:03
fortinet
fortinet
FortiWeb - Unauthorized Configuration Download Vulnerability
2023-02-16 00:00:00
cve
cve
CVE-2023-22636
2023-02-27 09:15:09
nessus
nessus
Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)
2024-05-22 00:00:00
prion
prion
Design/Logic Flaw
2023-02-27 09:15:00
CVSS3
3.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.6
Confidence
High
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2023-22636