Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-41328 (GCVE-0-2022-41328)
Vulnerability from cvelistv5 – Published: 2023-03-07 16:04 – Updated: 2025-10-21 23:15
VLAI?
EPSS
Summary
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
Severity ?
CWE
- CWE-22 - Execute unauthorized code or commands
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:46.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-369",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-369"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41328",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:25:59.359904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-03-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41328"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:24.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41328"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-14T00:00:00+00:00",
"value": "CVE-2022-41328 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.11",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.13",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.16",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper limitation of a pathname to a restricted directory vulnerability (\u0027path traversal\u0027) [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T16:04:52.461Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-369",
"url": "https://fortiguard.com/psirt/FG-IR-22-369"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-41328",
"datePublished": "2023-03-07T16:04:52.461Z",
"dateReserved": "2022-09-23T15:07:35.781Z",
"dateUpdated": "2025-10-21T23:15:24.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2022-41328",
"cwes": "[\"CWE-22\"]",
"dateAdded": "2023-03-14",
"dueDate": "2023-04-04",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://www.fortiguard.com/psirt/FG-IR-22-369; https://nvd.nist.gov/vuln/detail/CVE-2022-41328",
"product": "FortiOS",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.",
"vendorProject": "Fortinet",
"vulnerabilityName": "Fortinet FortiOS Path Traversal Vulnerability"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-369\", \"name\": \"https://fortiguard.com/psirt/FG-IR-22-369\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:42:46.124Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41328\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T13:25:59.359904Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-03-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41328\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-03-14T00:00:00+00:00\", \"value\": \"CVE-2022-41328 added to CISA KEV\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T13:26:20.886Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.3\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.9\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.11\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.13\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.16\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiOS version 7.2.4 or above\\r\\nPlease upgrade to FortiOS version 7.0.10 or above\\r\\nPlease upgrade to FortiOS version 6.4.12 or above\"}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-369\", \"name\": \"https://fortiguard.com/psirt/FG-IR-22-369\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A improper limitation of a pathname to a restricted directory vulnerability (\u0027path traversal\u0027) [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2023-03-07T16:04:52.461Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-41328\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T18:45:26.988Z\", \"dateReserved\": \"2022-09-23T15:07:35.781Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2023-03-07T16:04:52.461Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-ALE-001
Vulnerability from certfr_alerte - Published: 2023-03-14 - Updated: 2023-03-14
Le 07 mars 2023, Fortinet a publié un avis de sécurité détaillant l’existence d’une vulnérabilité de type traversée de chemin (path traversal) permettant à un attaquant authentifié avec un compte à privilèges de lire et d'écrire des fichiers arbitrairement au travers de l'interface en ligne de commande.
Le 09 mars 2023, Fortinet a publié un billet sur son blog détaillant l'analyse de la compromission de plateformes de pare-feux FortiGate avec le système FortiOS par l'exploitation de la vulnérabilité CVE-2022-41328 détaillé dans l'avis FG-IR-22-369.
Fortinet indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées. C'est lors d'une réponse à incident impliquant des pare-feux FortiGate gérés par une console FortiManager que les équipes de Fortinet ont pu identifier les informations ci-dessous :
- Le vecteur de compromission initial semble provenir de la console FortiManager, ceci est déduit par la temporalité et la ressemblance des attaques simultanées sur différents pare-feux gérés par la même console ;
- Le fichier /sbin/init est modifié et le fichier /bin/fgfm est créé, notamment pour assurer la persistance et ajouter des fonctionnalités de contrôle ;
- Dans les cas connus de l'éditeur, les pare-feux impactés ont été brutalement arrêtés et leur redémarrage a été empêché par une protection du système contre la modification du microgiciel (option FIPS).
Remarque : les moyens ayant permis la prise de contrôle de la console FortiManager ne sont pas précisés par l'éditeur (vols d'identifiants, exploitation d'une vulnérabilité précédente, ...).
Pour rappel, le CERT-FR recommande de mettre en place une infrastructure sécurisée pour l'administration des équipements et des services [1].
Solution
Le CERT-FR recommande fortement d’appliquer les correctifs fournis par l’éditeur, se référer à l’avis émis par le CERT-FR [2] pour plus d’informations.
L'application seule des correctifs n'est pas suffisante puisque les attaquants disposent de moyens de persistance leur permettant de se connecter ultérieurement au système.
Il est recommandé d'effectuer une analyse des systèmes FortiGate et FortiManager, notamment à l'aide des indicateurs de compromission fournis par l'éditeur dans son billet de blog et dans les précédents avis de sécurité émis. Ces marqueurs sont donnés à titre indicatif et n'ont pas été vérifiés par le CERT-FR.
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.4.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2023-07-26",
"content": "## Solution\n\nLe CERT-FR recommande fortement d\u2019appliquer les correctifs fournis par\nl\u2019\u00e9diteur, se r\u00e9f\u00e9rer \u00e0 l\u2019avis \u00e9mis par le CERT-FR \\[2\\] pour plus\nd\u2019informations.\n\nL\u0027application seule des correctifs n\u0027est pas suffisante puisque les\nattaquants disposent de moyens de persistance leur permettant de se\nconnecter ult\u00e9rieurement au syst\u00e8me.\n\nIl est recommand\u00e9 d\u0027effectuer une analyse des syst\u00e8mes FortiGate et\nFortiManager, notamment \u00e0 l\u0027aide des indicateurs de compromission\nfournis par l\u0027\u00e9diteur dans son billet de blog et dans les pr\u00e9c\u00e9dents\navis de s\u00e9curit\u00e9 \u00e9mis. Ces marqueurs sont donn\u00e9s \u00e0 titre indicatif et\nn\u0027ont pas \u00e9t\u00e9 v\u00e9rifi\u00e9s par le CERT-FR.\n",
"cves": [
{
"name": "CVE-2022-41328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
}
],
"initial_release_date": "2023-03-14T00:00:00",
"last_revision_date": "2023-03-14T00:00:00",
"links": [
{
"title": "[2] Avis CERT-FR\u00a0CERTFR-2023-AVI-0199 du 08 mars 2023",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0199/"
},
{
"title": "[1] Recommandations relatives \u00e0 l\u2019administration s\u00e9curis\u00e9e des syst\u00e8mes d\u2019information",
"url": "https://www.ssi.gouv.fr/administration/guide/securiser-ladministration-des-systemes-dinformation/"
},
{
"title": "Le guide d\u0027hygi\u00e8ne informatique",
"url": "https://www.ssi.gouv.fr/uploads/2017/01/guide_hygiene_informatique_anssi.pdf"
},
{
"title": "Billet de blog Fortinet portant sur l\u0027analyse de la vuln\u00e9rabilit\u00e9 de l\u0027avis FG-IR-22-369 du 09 mars 2023",
"url": "https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis"
},
{
"title": "Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
"url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
}
],
"reference": "CERTFR-2023-ALE-001",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Le 07 mars 2023, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 d\u00e9taillant\nl\u2019existence d\u2019une vuln\u00e9rabilit\u00e9\u00a0de type travers\u00e9e de chemin (*path\ntraversal*) permettant \u00e0 un attaquant authentifi\u00e9 avec un compte \u00e0\nprivil\u00e8ges de lire et d\u0027\u00e9crire des fichiers arbitrairement au travers de\nl\u0027interface en ligne de commande.\n\nLe 09 mars 2023, Fortinet a publi\u00e9 un billet sur son blog d\u00e9taillant\nl\u0027analyse de la compromission de plateformes de pare-feux FortiGate avec\nle syst\u00e8me FortiOS par l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2022-41328\nd\u00e9taill\u00e9 dans l\u0027avis FG-IR-22-369.\n\nFortinet indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans\nle cadre d\u0027attaques cibl\u00e9es. C\u0027est lors d\u0027une r\u00e9ponse \u00e0 incident\nimpliquant des pare-feux FortiGate g\u00e9r\u00e9s par une console FortiManager\nque les \u00e9quipes de Fortinet ont pu identifier les informations\nci-dessous :\n\n- Le vecteur de compromission initial semble provenir de la console\n FortiManager, ceci est d\u00e9duit par la temporalit\u00e9 et la ressemblance\n des attaques simultan\u00e9es sur diff\u00e9rents pare-feux g\u00e9r\u00e9s par la m\u00eame\n console ;\n- Le fichier\u00a0*/sbin/init* est modifi\u00e9 et le fichier */bin/fgfm* est\n cr\u00e9\u00e9, notamment pour assurer la persistance et ajouter des\n fonctionnalit\u00e9s de contr\u00f4le ;\n- Dans les cas connus de l\u0027\u00e9diteur, les pare-feux impact\u00e9s ont \u00e9t\u00e9\n brutalement arr\u00eat\u00e9s et leur red\u00e9marrage a \u00e9t\u00e9 emp\u00each\u00e9 par une\n protection du syst\u00e8me contre la modification du microgiciel (option\n FIPS).\n\nRemarque : les moyens ayant permis la prise de contr\u00f4le de la console\nFortiManager ne sont pas pr\u00e9cis\u00e9s par l\u0027\u00e9diteur\u00a0 (vols d\u0027identifiants,\nexploitation d\u0027une vuln\u00e9rabilit\u00e9 pr\u00e9c\u00e9dente, ...).\n\n\u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003ePour rappel\u003c/span\u003e, le\nCERT-FR recommande de mettre en place une infrastructure s\u00e9curis\u00e9e pour\nl\u0027administration des \u00e9quipements et des services \\[1\\].\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-369 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-369"
}
]
}
GHSA-PRJ2-6G47-X68H
Vulnerability from github – Published: 2023-03-07 18:30 – Updated: 2025-10-22 00:32
VLAI?
Details
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
Severity ?
7.1 (High)
{
"affected": [],
"aliases": [
"CVE-2022-41328"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-07T17:15:00Z",
"severity": "HIGH"
},
"details": "A improper limitation of a pathname to a restricted directory vulnerability (\u0027path traversal\u0027) [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.",
"id": "GHSA-prj2-6g47-x68h",
"modified": "2025-10-22T00:32:43Z",
"published": "2023-03-07T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41328"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-22-369"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41328"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-41328
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-41328",
"id": "GSD-2022-41328"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-41328"
],
"details": "A improper limitation of a pathname to a restricted directory vulnerability (\u0027path traversal\u0027) [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.",
"id": "GSD-2022-41328",
"modified": "2023-12-13T01:19:32.595947Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2022-41328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "\u003c=",
"version_name": "7.0.0",
"version_value": "7.0.9"
},
{
"version_affected": "\u003c=",
"version_name": "6.4.0",
"version_value": "6.4.11"
},
{
"version_affected": "\u003c=",
"version_name": "6.2.0",
"version_value": "6.2.13"
},
{
"version_affected": "\u003c=",
"version_name": "6.0.0",
"version_value": "6.0.16"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper limitation of a pathname to a restricted directory vulnerability (\u0027path traversal\u0027) [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-369",
"refsource": "MISC",
"url": "https://fortiguard.com/psirt/FG-IR-22-369"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.16",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.11",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2.3",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.13",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2022-41328"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A improper limitation of a pathname to a restricted directory vulnerability (\u0027path traversal\u0027) [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-369",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-369"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-03-14T15:20Z",
"publishedDate": "2023-03-07T17:15Z"
}
}
}
CERTFR-2023-AVI-0199
Vulnerability from certfr_avis - Published: 2023-03-08 - Updated: 2023-03-09
De multiples vulnérabilités ont été découvertes dans Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité, un déni de service à distance, une élévation de privilèges, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiManager | FortiManager versions 6.0.x antérieures à 6.0.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.0 | ||
| Fortinet | FortiPortal | FortiPortal versions 6.0.x antérieures à 6.0.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.4.x antérieures à 6.4.2 | ||
| Fortinet | FortiMail | FortiMail versions 6.0.x antérieures à 6.0.10 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.0.x antérieures à 6.0.5 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.2.x antérieures à 9.2.7 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.4.0 | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.13 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.3.x antérieures à 6.3.21 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.4.x antérieures à 9.4.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.2.x antérieures à 6.2.0 | ||
| Fortinet | FortiMail | FortiMail versions 6.2.x antérieures à 6.2.5 | ||
| Fortinet | N/A | FortiAuthenticator versions antérieures à 6.5.0 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.4 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.2.x antérieures à 6.2.13 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiMail | FortiMail versions 6.4.x antérieures à 6.4.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.2.0 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.4.x antérieures à 6.4.12 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | FortiNAC | FortiNAC versions antérieures à 7.2.0 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions antérieures à 3.2.0 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 6.2.0 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.3.x antérieures à 7.3.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.12 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.12 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.1.x antérieures à 9.1.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.10 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiManager versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.0",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.21",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.0",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.2.x ant\u00e9rieures \u00e0 6.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.0",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.12",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.9",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-29056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29056"
},
{
"name": "CVE-2022-41329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
},
{
"name": "CVE-2022-41328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
},
{
"name": "CVE-2022-27490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27490"
},
{
"name": "CVE-2022-41333",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41333"
},
{
"name": "CVE-2023-25611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25611"
},
{
"name": "CVE-2022-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39953"
},
{
"name": "CVE-2023-23776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23776"
},
{
"name": "CVE-2022-42476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
},
{
"name": "CVE-2022-22297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22297"
},
{
"name": "CVE-2022-39951",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39951"
},
{
"name": "CVE-2022-45861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
},
{
"name": "CVE-2022-40676",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40676"
},
{
"name": "CVE-2023-25605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25605"
},
{
"name": "CVE-2023-25610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
}
],
"initial_release_date": "2023-03-08T00:00:00",
"last_revision_date": "2023-03-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0199",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-08T00:00:00.000000"
},
{
"description": "Correction mineure dans la partie r\u00e9sum\u00e9",
"revision_date": "2023-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eFortinet\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de\ncode indirecte \u00e0 distance (XSS), un contournement de la politique de\ns\u00e9curit\u00e9, un d\u00e9ni de service \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-078 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-078"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-447 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-447"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-488 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-488"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-369 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-369"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-477 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-477"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-254 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-254"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-388 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-388"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-401 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-401"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-050 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-050"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-281 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-281"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-001 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-001"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-218 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-232 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-18-232"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-309 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-309"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-364 du 07 mars 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-364"
}
]
}
CERTFR-2024-AVI-0203
Vulnerability from certfr_avis - Published: 2024-03-12 - Updated: 2024-03-12
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Cerberus PRO EN Engineering Tool versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN Fire Panel FC20 versions antérieures à MP8 | ||
| Siemens | N/A | RUGGEDCOM APE1808 avec Fortinet NGFW versions antérieures à V7.4.1 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions | ||
| Siemens | N/A | Sinteso FS20 EN Engineering Tool versions antérieures à MP8 | ||
| Siemens | N/A | SIMATIC RF160B (6GT2003-0FA00) versions antérieures à V2.2 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à V3.2 | ||
| Siemens | N/A | Solid Edge versions antérieures à V223.0.11 | ||
| Siemens | N/A | Siveillance Control versions supérieures ou égales à V2.8 versions antérieures à V3.1.1 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Cerberus PRO EN Fire Panel FC72x versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | SINEMA Remote Connect Client versions antérieures à V3.1 SP1 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Sinteso Mobile versions antérieures à V3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cerberus PRO EN Engineering Tool versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Fire Panel FC20 versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 avec Fortinet NGFW versions ant\u00e9rieures \u00e0 V7.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Engineering Tool versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF160B (6GT2003-0FA00) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge versions ant\u00e9rieures \u00e0 V223.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Control versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.8 versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN Fire Panel FC72x versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Client versions ant\u00e9rieures \u00e0 V3.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso Mobile versions ant\u00e9rieures \u00e0 V3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
},
{
"name": "CVE-2017-18509",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
},
{
"name": "CVE-2021-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
},
{
"name": "CVE-2021-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
},
{
"name": "CVE-2022-20462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
},
{
"name": "CVE-2021-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
},
{
"name": "CVE-2021-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
},
{
"name": "CVE-2021-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
},
{
"name": "CVE-2021-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
},
{
"name": "CVE-2021-0331",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
},
{
"name": "CVE-2021-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
},
{
"name": "CVE-2021-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
},
{
"name": "CVE-2021-0478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
},
{
"name": "CVE-2021-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
},
{
"name": "CVE-2021-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
},
{
"name": "CVE-2021-0928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
},
{
"name": "CVE-2021-0484",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2021-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2022-41329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
},
{
"name": "CVE-2021-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2022-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"name": "CVE-2021-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
},
{
"name": "CVE-2022-20498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
},
{
"name": "CVE-2021-0473",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
},
{
"name": "CVE-2022-41328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
},
{
"name": "CVE-2022-42474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
},
{
"name": "CVE-2021-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
},
{
"name": "CVE-2020-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
},
{
"name": "CVE-2020-29660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"name": "CVE-2021-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
},
{
"name": "CVE-2021-0522",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
},
{
"name": "CVE-2021-39629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2022-20229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
},
{
"name": "CVE-2023-33306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33306"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-20423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
},
{
"name": "CVE-2021-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
},
{
"name": "CVE-2021-0650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
},
{
"name": "CVE-2021-0329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
},
{
"name": "CVE-2023-41675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41675"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-27997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
},
{
"name": "CVE-2023-29183",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29183"
},
{
"name": "CVE-2021-0471",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
},
{
"name": "CVE-2023-29181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
},
{
"name": "CVE-2021-0963",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
},
{
"name": "CVE-2021-0327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
},
{
"name": "CVE-2021-0653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
},
{
"name": "CVE-2021-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
},
{
"name": "CVE-2021-39634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
},
{
"name": "CVE-2021-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
},
{
"name": "CVE-2023-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-22641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
},
{
"name": "CVE-2021-0919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
},
{
"name": "CVE-2021-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
},
{
"name": "CVE-2022-20500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
},
{
"name": "CVE-2021-29647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"name": "CVE-2021-0521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
},
{
"name": "CVE-2020-11301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
},
{
"name": "CVE-2021-0953",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
},
{
"name": "CVE-2021-0926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
},
{
"name": "CVE-2021-0961",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
},
{
"name": "CVE-2023-26207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2021-0652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
},
{
"name": "CVE-2021-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
},
{
"name": "CVE-2021-39627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
},
{
"name": "CVE-2021-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
},
{
"name": "CVE-2023-29179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
},
{
"name": "CVE-2021-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
},
{
"name": "CVE-2024-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22041"
},
{
"name": "CVE-2023-33305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
},
{
"name": "CVE-2022-20473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
},
{
"name": "CVE-2022-43947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
},
{
"name": "CVE-2023-41841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41841"
},
{
"name": "CVE-2021-0333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
},
{
"name": "CVE-2022-20483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2024-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22045"
},
{
"name": "CVE-2022-42476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
},
{
"name": "CVE-2023-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
},
{
"name": "CVE-2021-0399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
},
{
"name": "CVE-2023-33301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33301"
},
{
"name": "CVE-2021-0476",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
},
{
"name": "CVE-2021-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
},
{
"name": "CVE-2021-0390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
},
{
"name": "CVE-2021-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
},
{
"name": "CVE-2021-0520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
},
{
"name": "CVE-2021-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
},
{
"name": "CVE-2021-39633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
},
{
"name": "CVE-2021-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
},
{
"name": "CVE-2021-0952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
},
{
"name": "CVE-2022-20476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
},
{
"name": "CVE-2020-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"name": "CVE-2022-20472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
},
{
"name": "CVE-2021-0326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
},
{
"name": "CVE-2021-0929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
},
{
"name": "CVE-2022-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
},
{
"name": "CVE-2021-0336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
},
{
"name": "CVE-2023-44250",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44250"
},
{
"name": "CVE-2021-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
},
{
"name": "CVE-2021-0515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
},
{
"name": "CVE-2022-20355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
},
{
"name": "CVE-2021-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
},
{
"name": "CVE-2021-0688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
},
{
"name": "CVE-2021-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
},
{
"name": "CVE-2024-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
},
{
"name": "CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"name": "CVE-2023-29178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
},
{
"name": "CVE-2022-20130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
},
{
"name": "CVE-2021-0519",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
},
{
"name": "CVE-2021-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
},
{
"name": "CVE-2021-39621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2022-42469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
},
{
"name": "CVE-2021-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
},
{
"name": "CVE-2021-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
},
{
"name": "CVE-2022-41327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
},
{
"name": "CVE-2021-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2023-36555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36555"
},
{
"name": "CVE-2022-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"name": "CVE-2022-20468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
},
{
"name": "CVE-2023-22640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22640"
},
{
"name": "CVE-2021-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
},
{
"name": "CVE-2022-20469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
},
{
"name": "CVE-2021-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
},
{
"name": "CVE-2021-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
},
{
"name": "CVE-2021-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
},
{
"name": "CVE-2023-22639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
},
{
"name": "CVE-2021-0683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
},
{
"name": "CVE-2022-20411",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
},
{
"name": "CVE-2022-43953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
},
{
"name": "CVE-2023-33307",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33307"
},
{
"name": "CVE-2021-0328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
},
{
"name": "CVE-2021-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
},
{
"name": "CVE-2022-20466",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
},
{
"name": "CVE-2023-40718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40718"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
},
{
"name": "CVE-2022-20127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
},
{
"name": "CVE-2021-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
},
{
"name": "CVE-2021-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
},
{
"name": "CVE-2022-45861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
},
{
"name": "CVE-2021-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
},
{
"name": "CVE-2021-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
},
{
"name": "CVE-2021-0514",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
},
{
"name": "CVE-2021-0511",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
},
{
"name": "CVE-2021-0931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
},
{
"name": "CVE-2024-21483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21483"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2023-45793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45793"
},
{
"name": "CVE-2021-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
},
{
"name": "CVE-2023-28001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28001"
},
{
"name": "CVE-2021-0970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
},
{
"name": "CVE-2021-0337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
},
{
"name": "CVE-2022-32257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32257"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2021-39623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
},
{
"name": "CVE-2022-41330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
},
{
"name": "CVE-2021-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
},
{
"name": "CVE-2021-0325",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
},
{
"name": "CVE-2021-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
},
{
"name": "CVE-2022-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41334"
},
{
"name": "CVE-2024-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
},
{
"name": "CVE-2020-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2021-0302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
},
{
"name": "CVE-2021-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
},
{
"name": "CVE-2021-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
},
{
"name": "CVE-2023-33308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33308"
},
{
"name": "CVE-2023-29175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
},
{
"name": "CVE-2021-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
},
{
"name": "CVE-2021-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
},
{
"name": "CVE-2021-0474",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
},
{
"name": "CVE-2021-0930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
},
{
"name": "CVE-2021-39626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
},
{
"name": "CVE-2021-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
},
{
"name": "CVE-2023-25610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
},
{
"name": "CVE-2023-37935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37935"
},
{
"name": "CVE-2021-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
},
{
"name": "CVE-2024-22040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22040"
},
{
"name": "CVE-2021-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
},
{
"name": "CVE-2021-0513",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
},
{
"name": "CVE-2021-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
},
{
"name": "CVE-2021-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
},
{
"name": "CVE-2021-0481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
},
{
"name": "CVE-2021-0964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
},
{
"name": "CVE-2021-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
},
{
"name": "CVE-2021-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
},
{
"name": "CVE-2021-0334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
},
{
"name": "CVE-2021-0933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
},
{
"name": "CVE-2021-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
},
{
"name": "CVE-2023-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
},
{
"name": "CVE-2021-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2024-22039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22039"
},
{
"name": "CVE-2021-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
},
{
"name": "CVE-2021-0510",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
},
{
"name": "CVE-2021-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
},
{
"name": "CVE-2024-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22044"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"initial_release_date": "2024-03-12T00:00:00",
"last_revision_date": "2024-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0203",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-792319 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-792319.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-918992 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-918992.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-353002 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-653855 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-225840 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-145196 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-382651 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-832273 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-366067 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-366067.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770721 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-576771 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html"
}
]
}
FKIE_CVE-2022-41328
Vulnerability from fkie_nvd - Published: 2023-03-07 17:15 - Updated: 2025-10-24 12:54
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-369 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-369 | Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41328 | US Government Resource |
{
"cisaActionDue": "2023-04-04",
"cisaExploitAdd": "2023-03-14",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Fortinet FortiOS Path Traversal Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA5512D-6EE5-4DF3-A960-C02394F25225",
"versionEndIncluding": "6.0.16",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D539CF21-2985-4E9B-94E8-E0B696752291",
"versionEndExcluding": "6.2.14",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AA72D9-CD66-4628-92B5-6CDFCB8E0EEE",
"versionEndExcluding": "6.4.12",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB54D85-8A3B-4F40-A814-3636F2AC99F3",
"versionEndExcluding": "7.0.10",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7582B2FF-8EDC-4599-96F3-CFA7BAE1FCF5",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper limitation of a pathname to a restricted directory vulnerability (\u0027path traversal\u0027) [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands."
}
],
"id": "CVE-2022-41328",
"lastModified": "2025-10-24T12:54:24.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-07T17:15:12.093",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-369"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41328"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…