CVE-2022-22297

CVE Database · CVE-2022-22297

CVE-2022-22297

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.22%

Published

Mar 7, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-792

Affected Products (8)

fortinet · fortiwebvulnerable

fortinet · fortirecorder_firmwarevulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-21-218

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-21-218

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs