Path Traversal Vulnerability in FortiExtender Management Interface
CVE-2022-23447

7.3HIGH

Key Information:

Vendor: Fortinet
Status: Fortiextender
Vendor: CVE Published:; 11 July 2023

What is CVE-2022-23447?

A path traversal vulnerability exists in the FortiExtender management interface, affecting multiple versions across different releases. This flaw allows unauthenticated attackers to exploit the system by sending crafted web requests that facilitate unauthorized access to arbitrary files on the server's filesystem, potentially leading to data exposure and security breaches.

Affected Version(s)

FortiExtender 7.0.0 <= 7.0.3

FortiExtender 5.3.2

FortiExtender 4.2.0 <= 4.2.4

References

https://fortiguard.com/psirt/FG-IR-22-039

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jan 19, 2022

Fortinet

What is CVE-2022-23447?

Affected Version(s)

References

CVSS V3.1

Timeline