{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-33876","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","requesterUserId":"a0475cc0-be89-4a25-97b3-d1b8023a8677","dateReserved":"2022-06-16T11:14:43.764Z","datePublished":"2022-12-06T16:01:01.740Z","dateUpdated":"2024-10-22T20:51:21.951Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiADC","defaultStatus":"unaffected","versions":[{"version":"7.1.0","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.2","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.4","status":"affected"},{"versionType":"semver","version":"6.1.0","lessThanOrEqual":"6.1.6","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.4","status":"affected"},{"versionType":"semver","version":"5.4.0","lessThanOrEqual":"5.4.5","status":"affected"},{"versionType":"semver","version":"5.3.0","lessThanOrEqual":"5.3.7","status":"affected"},{"versionType":"semver","version":"5.2.0","lessThanOrEqual":"5.2.8","status":"affected"},{"versionType":"semver","version":"5.1.0","lessThanOrEqual":"5.1.7","status":"affected"}]}],"descriptions":[{"lang":"en","value":"Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2022-12-06T16:01:01.740Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-20","description":"Improper access control","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiADC version 7.1.1 or above Please upgrade to FortiADC version 7.0.3 or above Please upgrade to FortiADC version 6.2.5 or above "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-253","url":"https://fortiguard.com/psirt/FG-IR-22-253"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T08:09:22.726Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-253","url":"https://fortiguard.com/psirt/FG-IR-22-253","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:18:49.792379Z","id":"CVE-2022-33876","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:51:21.951Z"}}]}}