CVE-2022-30299

Summary

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.0.0 <= 7.0.1affected
FortinetFortiWeb6.4.0 <= 6.4.2affected
FortinetFortiWeb6.3.0 <= 6.3.19affected
FortinetFortiWeb6.2.0 <= 6.2.7affected
FortinetFortiWeb6.1.0 <= 6.1.3affected
FortinetFortiWeb6.0.0 <= 6.0.8affected

Weaknesses

  • CWE-23: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References