FortiWeb - Unauthorized Configuration Download Vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-460
Final
1
1
2023-02-16T00:00:00
Current version
2023-02-16T00:00:00
2023-02-16T00:00:00
An unauthorized configuration download vulnerability [CWE-285] in FortiWeb may allow a local attacker to access confidential configuration files via a crafted HTTP request.
None
Execute unauthorized code or commands
FortiWeb version 7.0.0 through 7.0.4
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 6.3.6 through 6.3.21
Please upgrade to FortiWeb version 7.0.5 or above.
Please upgrade to FortiWeb version 7.2.0 or above.
Internally discovered and reported by Yonghui Han of Fortinet IPS team.
FortiWeb 7.0.4
FortiWeb 7.0.3
FortiWeb 7.0.2
FortiWeb 7.0.1
FortiWeb 7.0.0
FortiWeb 6.4.3
FortiWeb 6.4.2
FortiWeb 6.4.1
FortiWeb 6.4.0
FortiWeb 6.3.23
FortiWeb 6.3.22
FortiWeb 6.3.21
FortiWeb 6.3.20
FortiWeb 6.3.19
FortiWeb 6.3.18
FortiWeb 6.3.17
FortiWeb 6.3.16
FortiWeb 6.3.15
FortiWeb 6.3.14
FortiWeb 6.3.13
FortiWeb 6.3.12
FortiWeb 6.3.11
FortiWeb 6.3.10
FortiWeb 6.3.9
FortiWeb 6.3.8
FortiWeb 6.3.7
FortiWeb 6.3.6
CVE-2023-22636
6.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-22-460