Overview
- Description
- A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D909C90B-E136-4E8E-B551-FE0369172C1E"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79FEE7F6-F72E-4A43-883C-0CF492DF355B"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBDFDF02-2136-4DE0-A19B-FE3654ED90A4"
}
],
"operator": "OR"
}
]
}
]