- Description
- A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
- Source
- psirt@fortinet.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D909C90B-E136-4E8E-B551-FE0369172C1E"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79FEE7F6-F72E-4A43-883C-0CF492DF355B"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBDFDF02-2136-4DE0-A19B-FE3654ED90A4"
}
],
"operator": "OR"
}
]
}
]