Path Traversal Vulnerability in FortiAP-U CLI by Fortinet
CVE-2022-30301

7.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiap-u
Vendor: CVE Published:; 18 July 2022

What is CVE-2022-30301?

A path traversal vulnerability in FortiAP-U CLI allows admin users to access unauthorized files and potentially delete sensitive data by exploiting crafted CLI commands. This issue exists across multiple versions including 6.2.0 to 6.2.3, 6.0.0 to 6.0.4, and 5.4.0 to 5.4.6, making it crucial for organizations utilizing FortiAP-U CLI to review their configurations and limit administrative command access to prevent potential compromises.

Affected Version(s)

Fortinet FortiAP-U FortiAP-U 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6

References

https://fortiguard.com/psirt/FG-IR-22-109

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2022
Vulnerability Reserved
May 6, 2022