CVE-2022-30302

Summary

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiDeceptorFortiDeceptor 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References