CVE-2023-44251

CVE Database · CVE-2023-44251

CVE-2023-44251

· HIGHModified

CVSS v3.1

8.3

EPSS

0.84%

Published

Dec 13, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Weaknesses (CWE)

CWE-22

Affected Products (4)

fortinet · fortiwanvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-265

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-265

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs