CVE-2023-44251

8.1HIGH

Key Information

Vendor: Fortinet
Status: FortiWAN
Vendor: CVE Published:; 13 December 2023

Summary

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.

Affected Version(s)

FortiWAN <= 5.2.1

FortiWAN <= 5.1.2

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 13, 2023
Vulnerability Reserved.
Sep 27, 2023

Collectors

NVD DatabaseMitre Database