Relative Path Traversal Vulnerability in FortiWeb by Fortinet
CVE-2023-23778

4.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiweb
Vendor: CVE Published:; 16 February 2023

Summary

A relative path traversal vulnerability in FortiWeb allows an authenticated user to access sensitive files and data through specially crafted web requests. This issue affects FortiWeb versions 7.0.1 and below, along with all versions of 6.4, 6.3, and 6.2. Proper server configuration and input validation are vital to mitigate risks associated with unauthorized access.

Affected Version(s)

FortiWeb 7.0.0 <= 7.0.1

FortiWeb 6.4.0 <= 6.4.2

FortiWeb 6.3.0 <= 6.3.21

References

https://fortiguard.com/psirt/FG-IR-22-142

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Jan 18, 2023