Vulnerabilities > CVE-2023-22636 - Unspecified vulnerability in Fortinet Fortiweb

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

fortinet

NVD

Published: 2023-02-27

Updated: 2023-11-07

Summary

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiweb 6.3.6 Fortinet Fortiweb 6.3.7 Fortinet Fortiweb 6.3.8 Fortinet Fortiweb 6.3.9 Fortinet Fortiweb 6.3.10 Fortinet Fortiweb 6.3.11 Fortinet Fortiweb 6.3.12 Fortinet Fortiweb 6.3.13 Fortinet Fortiweb 6.3.14 Fortinet Fortiweb 6.3.15 Fortinet Fortiweb 6.3.16 Fortinet Fortiweb 6.3.17 Fortinet Fortiweb 6.3.18 Fortinet Fortiweb 6.3.19 Fortinet Fortiweb 6.3.20 Fortinet Fortiweb 6.4.0 Fortinet Fortiweb 6.4.1 Fortinet Fortiweb 6.4.2 Fortinet Fortiweb 7.0.0 Fortinet Fortiweb 7.0.1 Fortinet Fortiweb 7.0.2 Fortinet Fortiweb 7.0.3	22

References

https://fortiguard.com/psirt/FG-IR-22-460