Lucene search

FortinetVULNRICHMENT:CVE-2023-25608

HistorySep 13, 2023 - 12:28 p.m.

CVE-2023-25608

2023-09-1312:28:51

CWE-792

fortinet

github.com

incomplete filtering vulnerability

fortiap-w2

fortiap-c

fortiap

fortiap-u

command line interpreter

authenticated attacker

arbitrary files

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.

References

fortiguard.com/psirt/FG-IR-22-120

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-25608