Command Line Interpreter Vulnerability in FortiWeb and FortiRecorder Products
CVE-2022-22297

5.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortirecorder; Fortiweb
Vendor: CVE Published:; 7 March 2023

Summary

The vulnerability in the command line interpreter of FortiWeb and FortiRecorder arises from an incomplete filtering of special elements, allowing authenticated users to craft command arguments that may lead to unauthorized access to arbitrary files. This flaw affects multiple versions of both products, making it essential for users to apply appropriate patches to mitigate potential risks associated with unauthorized file reading.

Affected Version(s)

FortiRecorder 6.4.0 <= 6.4.3

FortiRecorder 6.0.0 <= 6.0.12

FortiRecorder 2.7.0 <= 2.7.7

References

https://fortiguard.com/psirt/FG-IR-21-218

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 7, 2023
Vulnerability Reserved
Jan 3, 2022