{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-25606","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-02-08T13:42:03.366Z","datePublished":"2023-07-11T16:52:51.034Z","dateUpdated":"2024-10-22T20:41:02.251Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.5","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.10","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.5","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.10","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4  all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-07-11T16:52:51.034Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-22","description":"Information disclosure","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiManager version 7.2.2 or above Please upgrade to FortiManager version 7.0.7 or above Please upgrade to FortiManager version 6.4.12 or above Please upgrade to FortiAnalyzer version 7.2.2 or above Please upgrade to FortiAnalyzer version 7.0.7 or above Please upgrade to FortiAnalyzer version 6.4.12 or above "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-471","url":"https://fortiguard.com/psirt/FG-IR-22-471"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:25:19.249Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-471","url":"https://fortiguard.com/psirt/FG-IR-22-471","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:17:49.736572Z","id":"CVE-2023-25606","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:41:02.251Z"}}]}}