CVE-2022-22297

5.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortirecorder; Fortiweb
Vendor: CVE Published:; 7 March 2023

Summary

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

Affected Version(s)

FortiRecorder 6.4.0 <= 6.4.3

FortiRecorder 6.0.0 <= 6.0.12

FortiRecorder 2.7.0 <= 2.7.7

References

https://fortiguard.com/psirt/FG-IR-21-218

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 7, 2023
Vulnerability Reserved
Jan 3, 2022

Collectors

NVD DatabaseMitre Database