An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-21-218 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2023-03-07T16:04:48.484Z
Updated: 2023-03-07T16:04:48.484Z
Reserved: 2022-01-03T09:39:36.527Z
Link: CVE-2022-22297
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-07T17:15:11.707
Modified: 2023-11-07T03:43:51.413
Link: CVE-2022-22297
JSON object: View
Redhat Information
No data.
CWE