CVE-2022-30302

2022-07-1914:15:08

CWE-22

[email protected]

web.nvd.nist.gov

path traversal

fortideceptor

remote attacker

authenticated

file retrieval

file deletion

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

34.6%

JSON

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.

Affected configurations

Nvd

Node

fortinetfortideceptorRange1.0.0–3.2.2

fortinetfortideceptorRange3.3.0–3.3.2

fortinetfortideceptorMatch4.0.0

fortinetfortideceptorMatch4.0.1

VendorProductVersionCPE
fortinetfortideceptor*cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*
fortinetfortideceptor4.0.0cpe:2.3:a:fortinet:fortideceptor:4.0.0:*:*:*:*:*:*:*
fortinetfortideceptor4.0.1cpe:2.3:a:fortinet:fortideceptor:4.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortideceptor	*	cpe:2.3:a:fortinet:fortideceptor::::::::
fortinet	fortideceptor	4.0.0	cpe:2.3:a:fortinet:fortideceptor:4.0.0:::::::*
fortinet	fortideceptor	4.0.1	cpe:2.3:a:fortinet:fortideceptor:4.0.1:::::::*