CVE-2022-22297

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-792
View all →

Vulnerability Description

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

Related Vulnerabilities

CVE-2023-20057

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters o...

CWE-7922023

CVE-2023-25608

MEDIUM
CVSS:6.5(Medium)

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1...

CWE-7922023

CVE-2023-25608

MEDIUM
CVSS:6.5(Medium)

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1...

CWE-7922023

CVE-2023-20057

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters o...

CWE-7922023