CVE-2023-27993

Summary

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.2.0affected
FortinetFortiADC7.1.0 <= 7.1.1affected
FortinetFortiADC7.0.0 <= 7.0.5affected
FortinetFortiADC6.2.0 <= 6.2.6affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected
FortinetFortiADC5.4.0 <= 5.4.5affected
FortinetFortiADC5.3.0 <= 5.3.7affected
FortinetFortiADC5.2.0 <= 5.2.8affected

Weaknesses

  • CWE-23: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References