CVE-2023-44251

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Dec 13, 2023
Updated: Dec 18, 2023
CWE ID 22

Summary

CVE-2023-44251 is an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability found in Fortinet FortiWAN versions 5.2.0 through 5.2.1 and versions 5.1.1 through 5.1.2. This vulnerability allows an authenticated attacker to read and delete arbitrary files on the system by sending crafted HTTP or HTTPS requests. The affected products include t1qrQh, t1qrQg, t1qrQi, and t1qrQf. The base severity of this vulnerability is rated as HIGH with a CVSS score of 8.3. The potential danger it poses to organizations is a compromise of confidentiality due to the ability to access sensitive files, which could result in unauthorized access to data or even system compromise if exploited successfully. It is advised to update the FortiWAN software to a patched version provided by Fortinet to remediate this vulnerability effectively and minimize the risk of exploitation. Note: The information provided here is based on the available data about CVE-2023-44251 and does not contain any subjective statements or opinions.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-44251 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options