Overview
- Description
- Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.
- Source
- psirt@fortinet.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CB8E1AB-AA67-4AA8-8895-E8D95A1DA963",
"versionEndIncluding": "6.2.4",
"versionStartIncluding": "5.1.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D78A58AA-5F2F-4CC3-8299-EC320E36CF5E"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE3123F6-4360-45F8-9A90-C0D35CC73D1D"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5720B3B-3C57-43E6-B453-65851A46E724"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B35D8D53-448B-474C-B7CB-324CB4ED7A82"
}
],
"operator": "OR"
}
]
}
]