CVE Vulnerability

CVE-2022-30301

A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands.

6.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-109 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiap-u:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiap-u:5.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiap-u:5.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiap-u:5.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiap-u:5.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*
Information

Published : 2022-07-19 02:15

Updated : 2022-07-27 12:04

NVD link : CVE-2022-30301

Mitre link : CVE-2022-30301

Products Affected

Fortiap-u

Fortinet

CWE
CWE-22