Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-44251 (GCVE-0-2023-44251)
Vulnerability from cvelistv5 – Published: 2023-12-13 08:52 – Updated: 2024-08-02 19:59
VLAI?
EPSS
Summary
** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.
Severity ?
CWE
- CWE-22 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:52.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-265",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiWAN",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.2.1",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.2",
"status": "affected",
"version": "5.1.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T08:52:59.662Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-265",
"url": "https://fortiguard.com/psirt/FG-IR-23-265"
}
],
"solutions": [
{
"lang": "en",
"value": "This product is end of life and no longer supported. Please consider replacing with an equivalent FortiGate appliance as approriate.\n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-44251",
"datePublished": "2023-12-13T08:52:59.662Z",
"dateReserved": "2023-09-27T12:26:48.750Z",
"dateUpdated": "2024-08-02T19:59:52.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C010221E-9BAF-41DC-B352-5941D38C8FEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7944DB8-76F2-40B9-97E2-D14A1EBF6286\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BCE7940-6D64-43BE-92AF-3EB86F4D0B3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C8034DF-A33B-4B49-9448-6AD1DFAB27D5\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.\"}, {\"lang\": \"es\", \"value\": \"** NO COMPATIBLE CUANDO SE ASIGNA ** Una limitaci\\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\\\"path traversal\\\") [CWE-22] en Fortinet FortiWAN versi\\u00f3n 5.2.0 a 5.2.1 y versi\\u00f3n 5.1.1. hasta 5.1.2 puede permitir que un atacante autenticado lea y elimine archivos arbitrarios del sistema a trav\\u00e9s de solicitudes HTTP o HTTP manipuladas.\"}]",
"id": "CVE-2023-44251",
"lastModified": "2024-11-21T08:25:31.357",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-12-13T09:15:34.280",
"references": "[{\"url\": \"https://fortiguard.com/psirt/FG-IR-23-265\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://fortiguard.com/psirt/FG-IR-23-265\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-44251\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2023-12-13T09:15:34.280\",\"lastModified\":\"2024-11-21T08:25:31.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.\"},{\"lang\":\"es\",\"value\":\"** NO COMPATIBLE CUANDO SE ASIGNA ** Una limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\\\"path traversal\\\") [CWE-22] en Fortinet FortiWAN versi\u00f3n 5.2.0 a 5.2.1 y versi\u00f3n 5.1.1. hasta 5.1.2 puede permitir que un atacante autenticado lea y elimine archivos arbitrarios del sistema a trav\u00e9s de solicitudes HTTP o HTTP manipuladas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C010221E-9BAF-41DC-B352-5941D38C8FEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7944DB8-76F2-40B9-97E2-D14A1EBF6286\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BCE7940-6D64-43BE-92AF-3EB86F4D0B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C8034DF-A33B-4B49-9448-6AD1DFAB27D5\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-265\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-23-265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GHSA-JGPR-RR69-24CH
Vulnerability from github – Published: 2023-12-13 09:30 – Updated: 2023-12-13 09:30
VLAI?
Details
** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.
Severity ?
8.3 (High)
{
"affected": [],
"aliases": [
"CVE-2023-44251"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-13T09:15:34Z",
"severity": "HIGH"
},
"details": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.",
"id": "GHSA-jgpr-rr69-24ch",
"modified": "2023-12-13T09:30:32Z",
"published": "2023-12-13T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44251"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-23-265"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2023-AVI-0973
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.7.x antériéures à 6.7.6 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | N/A | FortiClientWindows versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.5.x antérieures à 6.5.2 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiWLM version 8.x antérieures à 8.5.5 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions 6.5.x antérieures à 6.5.1 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.0.x antérieures à 5.0.3.1016 | ||
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.x antérieures 7.2.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.4.3 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.2.x antérieures à 5.2.0.4581 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.3 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions antérieures à 6.4.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiWAN | FortiWAN toutes versions (ce produit n'est plus maintenu par l'éditeur) | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.6.x antériéures à 6.6.4 | ||
| Fortinet | N/A | FortiWLM version 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fortigate FGT_VM64 versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.7.x ant\u00e9ri\u00e9ures \u00e0 6.7.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.x ant\u00e9rieures \u00e0 8.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.0.x ant\u00e9rieures \u00e0 5.0.3.1016",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Fortigate FGT_VM64 versions 7.x ant\u00e9rieures 7.2.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.2.x ant\u00e9rieures \u00e0 5.2.0.4581",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN toutes versions (ce produit n\u0027est plus maintenu par l\u0027\u00e9diteur)",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.6.x ant\u00e9ri\u00e9ures \u00e0 6.6.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36633"
},
{
"name": "CVE-2023-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41676"
},
{
"name": "CVE-2023-25603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25603"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-33304",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33304"
},
{
"name": "CVE-2023-26205",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26205"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-40719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40719"
},
{
"name": "CVE-2023-29177",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29177"
},
{
"name": "CVE-2023-44248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44248"
},
{
"name": "CVE-2023-41840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41840"
},
{
"name": "CVE-2023-42783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42783"
},
{
"name": "CVE-2022-40681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40681"
},
{
"name": "CVE-2023-44252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44252"
},
{
"name": "CVE-2023-36553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36553"
},
{
"name": "CVE-2023-44251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44251"
},
{
"name": "CVE-2023-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45582"
},
{
"name": "CVE-2023-34991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34991"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0973",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-299 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-306 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-274 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-274"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-385 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-518 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-518"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-292 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-292"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-108 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-290 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-290"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-287 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-287"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-064 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-064"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-135 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-177 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-061 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-061"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-151 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-396 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-396"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-143 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-143"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-142 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-142"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-203 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-265 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-265"
}
]
}
CERTFR-2023-AVI-0973
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.7.x antériéures à 6.7.6 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | N/A | FortiClientWindows versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.5.x antérieures à 6.5.2 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiWLM version 8.x antérieures à 8.5.5 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions 6.5.x antérieures à 6.5.1 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.0.x antérieures à 5.0.3.1016 | ||
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.x antérieures 7.2.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.4.3 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.2.x antérieures à 5.2.0.4581 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.3 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions antérieures à 6.4.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiWAN | FortiWAN toutes versions (ce produit n'est plus maintenu par l'éditeur) | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.6.x antériéures à 6.6.4 | ||
| Fortinet | N/A | FortiWLM version 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fortigate FGT_VM64 versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.7.x ant\u00e9ri\u00e9ures \u00e0 6.7.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.x ant\u00e9rieures \u00e0 8.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.0.x ant\u00e9rieures \u00e0 5.0.3.1016",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Fortigate FGT_VM64 versions 7.x ant\u00e9rieures 7.2.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.2.x ant\u00e9rieures \u00e0 5.2.0.4581",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN toutes versions (ce produit n\u0027est plus maintenu par l\u0027\u00e9diteur)",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.6.x ant\u00e9ri\u00e9ures \u00e0 6.6.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36633"
},
{
"name": "CVE-2023-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41676"
},
{
"name": "CVE-2023-25603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25603"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-33304",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33304"
},
{
"name": "CVE-2023-26205",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26205"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-40719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40719"
},
{
"name": "CVE-2023-29177",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29177"
},
{
"name": "CVE-2023-44248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44248"
},
{
"name": "CVE-2023-41840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41840"
},
{
"name": "CVE-2023-42783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42783"
},
{
"name": "CVE-2022-40681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40681"
},
{
"name": "CVE-2023-44252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44252"
},
{
"name": "CVE-2023-36553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36553"
},
{
"name": "CVE-2023-44251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44251"
},
{
"name": "CVE-2023-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45582"
},
{
"name": "CVE-2023-34991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34991"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0973",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-299 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-306 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-274 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-274"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-385 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-518 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-518"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-292 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-292"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-108 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-290 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-290"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-287 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-287"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-064 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-064"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-135 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-177 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-061 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-061"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-151 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-396 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-396"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-143 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-143"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-142 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-142"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-203 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-265 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-265"
}
]
}
GSD-2023-44251
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-44251",
"id": "GSD-2023-44251"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-44251"
],
"details": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.",
"id": "GSD-2023-44251",
"modified": "2023-12-13T01:20:38.722102Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2023-44251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiWAN",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.2.0",
"version_value": "5.2.1"
},
{
"version_affected": "\u003c=",
"version_name": "5.1.1",
"version_value": "5.1.2"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H/E:F/RL:X/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-265",
"refsource": "MISC",
"url": "https://fortiguard.com/psirt/FG-IR-23-265"
}
]
},
"solution": [
{
"lang": "en",
"value": "This product is end of life and no longer supported. Please consider replacing with an equivalent FortiGate appliance as approriate.\n"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C010221E-9BAF-41DC-B352-5941D38C8FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7944DB8-76F2-40B9-97E2-D14A1EBF6286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE7940-6D64-43BE-92AF-3EB86F4D0B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8034DF-A33B-4B49-9448-6AD1DFAB27D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGNA ** Una limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"path traversal\") [CWE-22] en Fortinet FortiWAN versi\u00f3n 5.2.0 a 5.2.1 y versi\u00f3n 5.1.1. hasta 5.1.2 puede permitir que un atacante autenticado lea y elimine archivos arbitrarios del sistema a trav\u00e9s de solicitudes HTTP o HTTP manipuladas."
}
],
"id": "CVE-2023-44251",
"lastModified": "2023-12-18T17:34:13.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2023-12-13T09:15:34.280",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-265"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
}
}
}
FKIE_CVE-2023-44251
Vulnerability from fkie_nvd - Published: 2023-12-13 09:15 - Updated: 2024-11-21 08:25
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-265 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-23-265 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C010221E-9BAF-41DC-B352-5941D38C8FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7944DB8-76F2-40B9-97E2-D14A1EBF6286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCE7940-6D64-43BE-92AF-3EB86F4D0B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8034DF-A33B-4B49-9448-6AD1DFAB27D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGNA ** Una limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (\"path traversal\") [CWE-22] en Fortinet FortiWAN versi\u00f3n 5.2.0 a 5.2.1 y versi\u00f3n 5.1.1. hasta 5.1.2 puede permitir que un atacante autenticado lea y elimine archivos arbitrarios del sistema a trav\u00e9s de solicitudes HTTP o HTTP manipuladas."
}
],
"id": "CVE-2023-44251",
"lastModified": "2024-11-21T08:25:31.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T09:15:34.280",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-265"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
CNVD-2024-14773
Vulnerability from cnvd - Published: 2024-03-28
VLAI Severity ?
Title
Fortinet FortiWAN路径遍历漏洞
Description
Fortinet FortiWAN是美国飞塔(Fortinet)公司的一个网络设备。用于在不同网络之间执行负载平衡和容错。
Fortinet FortiWAN存在路径遍历漏洞,该漏洞源于对受限制目录的路径名限制不当,经过身份验证的攻击者可利用该漏洞通过构建的HTTP读取和删除系统的任意文件,或者HTTPs请求。
Severity
高
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.auscert.org.au/bulletins/ESB-2023.6752
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-44251
Impacted products
| Name | ['Fortinet FortiWAN 5.1.1', 'Fortinet FortiWAN 5.1.2', 'Fortinet FortiWAN 5.2.0', 'Fortinet FortiWAN 5.2.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-44251",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-44251"
}
},
"description": "Fortinet FortiWAN\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907\u3002\u7528\u4e8e\u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u6267\u884c\u8d1f\u8f7d\u5e73\u8861\u548c\u5bb9\u9519\u3002\n\nFortinet FortiWAN\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u53d7\u9650\u5236\u76ee\u5f55\u7684\u8def\u5f84\u540d\u9650\u5236\u4e0d\u5f53\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6784\u5efa\u7684HTTP\u8bfb\u53d6\u548c\u5220\u9664\u7cfb\u7edf\u7684\u4efb\u610f\u6587\u4ef6\uff0c\u6216\u8005HTTPs\u8bf7\u6c42\u3002",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.auscert.org.au/bulletins/ESB-2023.6752",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-14773",
"openTime": "2024-03-28",
"products": {
"product": [
"Fortinet FortiWAN 5.1.1",
"Fortinet FortiWAN 5.1.2",
"Fortinet FortiWAN 5.2.0",
"Fortinet FortiWAN 5.2.1"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-44251",
"serverity": "\u9ad8",
"submitTime": "2023-11-17",
"title": "Fortinet FortiWAN\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}
VAR-202312-1198
Vulnerability from variot - Updated: 2024-03-29 22:34** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests. ** Not supported ** This issue is a vulnerability in an unsupported product. fortinet's FortiWan Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWAN is a network device from the American company Fortinet. Used to perform load balancing and fault tolerance between different networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortiwan",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.1.1"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.1.2"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.1"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "5.2.1"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "5.1.1"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "5.1.2"
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": null
},
{
"model": "fortiwan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
"version": "5.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-14773"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiwan:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiwan:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiwan:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortiwan:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"cve": "CVE-2023-44251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-14773",
"impactScore": 9.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@fortinet.com",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-44251",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-44251",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@fortinet.com",
"id": "CVE-2023-44251",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2024-14773",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-14773"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"db": "NVD",
"id": "CVE-2023-44251"
},
{
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests. ** Not supported ** This issue is a vulnerability in an unsupported product. fortinet\u0027s FortiWan Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWAN is a network device from the American company Fortinet. Used to perform load balancing and fault tolerance between different networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44251"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"db": "CNVD",
"id": "CNVD-2024-14773"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44251",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020075",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-14773",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-14773"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"id": "VAR-202312-1198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-14773"
}
],
"trust": 1.11145834
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-14773"
}
]
},
"last_update_date": "2024-03-29T22:34:32.264000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FG-IR-23-265",
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-23-265"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44251"
},
{
"trust": 1.0,
"url": "https://fortiguard.com/psirt/fg-ir-23-265"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-14773"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-14773"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-14773"
},
{
"date": "2024-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"date": "2023-12-13T09:15:34.280000",
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-14773"
},
{
"date": "2024-01-16T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2023-020075"
},
{
"date": "2023-12-18T17:34:13.253000",
"db": "NVD",
"id": "CVE-2023-44251"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fortinet\u0027s \u00a0FortiWan\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-020075"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…