CVE-2022-33876

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.

Published: Dec 6, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-33876
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-20
CWE-444

Affected Software
References

Software	From	Fixed in
fortinet / fortiadc	7.0.1	7.0.1.x
fortinet / fortiadc	7.0.0	7.0.0.x
fortinet / fortiadc	7.1.0	7.1.0.x
fortinet / fortiadc	7.0.2	7.0.2.x
fortinet / fortiadc	5.1.0	6.2.4.x

https://fortiguard.com/psirt/FG-IR-22-253

Vulnerability Database

289,697

CVE-2022-33876