CVE-2022-29062

Summary

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiSOARFortiSOAR 7.2.0, 7.0.2, 7.0.1, 7.0.0affected

Weaknesses

  • Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References