CVE-2022-22297

Summary

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiRecorder6.4.0 <= 6.4.3affected
FortinetFortiRecorder6.0.0 <= 6.0.12affected
FortinetFortiRecorder2.7.0 <= 2.7.7affected
FortinetFortiWeb6.4.0 <= 6.4.1affected
FortinetFortiWeb6.3.0 <= 6.3.17affected
FortinetFortiWeb6.2.0 <= 6.2.7affected
FortinetFortiWeb6.1.0 <= 6.1.3affected
FortinetFortiWeb6.0.0 <= 6.0.8affected

Weaknesses

  • CWE-792: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References