An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NFortinet Fortiextender
HWFortinetwszystkie wersjeFortinet Fortiextender Firmware
OSFortinet5.3.24.0.0 – 4.0.3 (bez)4.1.1 – 4.1.9 (bez)3.2.1 – 3.2.4 (bez)7.0.0 – 7.0.4 (bez)4.2.0 – 4.2.5 (bez)3.3.0 – 3.3.3 (bez)
Powiązane podatności
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0...
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtende...
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1...