Vulnerability Details CVE-2022-23447
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.3%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2022-23447
-
cpe:2.3:h:fortinet:fortiextender:-
-
cpe:2.3:o:fortinet:fortiextender_firmware:3.2.3
-
cpe:2.3:o:fortinet:fortiextender_firmware:3.3.2
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.0.2
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.1
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.2
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.3
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.4
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.5
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.6
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.7
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.1.8
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.2.0
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.2.1
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.2.2
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.2.3
-
cpe:2.3:o:fortinet:fortiextender_firmware:4.2.4
-
cpe:2.3:o:fortinet:fortiextender_firmware:5.3.2
-
cpe:2.3:o:fortinet:fortiextender_firmware:7.0.0
-
cpe:2.3:o:fortinet:fortiextender_firmware:7.0.1
-
cpe:2.3:o:fortinet:fortiextender_firmware:7.0.2
-
cpe:2.3:o:fortinet:fortiextender_firmware:7.0.3