CVE-2023-44251

Summary

CVE-2023-44251 is an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability found in Fortinet FortiWAN versions 5.2.0 through 5.2.1 and versions 5.1.1 through 5.1.2. This vulnerability allows an authenticated attacker to read and delete arbitrary files on the system by sending crafted HTTP or HTTPS requests. The affected products include t1qrQh, t1qrQg, t1qrQi, and t1qrQf. The base severity of this vulnerability is rated as HIGH with a CVSS score of 8.3. The potential danger it poses to organizations is a compromise of confidentiality due to the ability to access sensitive files, which could result in unauthorized access to data or even system compromise if exploited successfully. It is advised to update the FortiWAN software to a patched version provided by Fortinet to remediate this vulnerability effectively and minimize the risk of exploitation. Note: The information provided here is based on the available data about CVE-2023-44251 and does not contain any subjective statements or opinions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.