CVE-2022-23447: Fortiguard
An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-22] in the FortiExtender management interface, affecting versions 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, and all versions of 5.3, may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
PSIRT Advisories
FortiExtender - Path Traversal vulnerability
Summary
An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-22] in the FortiExtender management interface may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Affected Products
FortiExtender version 7.0.0 through 7.0.3
FortiExtender version 4.2.0 through 4.2.4
FortiExtender version 4.1.1 through 4.1.8
FortiExtender version 4.0.0 through 4.0.2
FortiExtender version 3.3.0 through 3.3.2
FortiExtender version 3.2.1 through 3.2.3
FortiExtender version 5.3, all versions
Solutions
Please upgrade to FortiExtender version 7.2.0 or above
Please upgrade to FortiExtender version 7.0.4 or above
Please upgrade to FortiExtender version 4.2.5 or above
Please upgrade to FortiExtender version 4.1.9 or above
Please upgrade to FortiExtender version 4.0.3 or above
Please upgrade to FortiExtender version 3.3.3 or above
Please upgrade to FortiExtender version 3.2.4 or above
Acknowledgement
Fortinet is pleased to thank Bicking Thomas from TÜV Rheinland i-sec GmbH for reporting this vulnerability under responsible disclosure.
Timeline
2023-07-07: Initial publication