Severity
Medium
Analysis Summary
CVE-2022-22297
Fortinet FortiWeb and Fortinet FortiRecorder could allow a local authenticated attacker to obtain sensitive information, caused by incomplete filtering of one or more instances of special elements in the command-line interpreter. By sending specially-crafted command arguments, an attacker could exploit this vulnerability to read arbitrary files and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-22297
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiWeb 6.0.7
- Fortinet FortiRecorder 6.4.2
- Fortinet FortiRecorder 6.0.10
- Fortinet FortiRecorder 2.7.3
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.