CVE-2023-22636
First published: Mon Feb 27 2023(Updated: )
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=6.3.6<=6.3.21 | |
| Fortinet FortiWeb | >=6.4.0<=6.4.2 | |
| Fortinet FortiWeb | >=7.0.0<=7.0.4 |
Remedy
Please upgrade to FortiWeb version 7.0.5 or above. Please upgrade to FortiWeb version 7.2.0 or above.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-22636.
What is the severity of CVE-2023-22636?
The severity of CVE-2023-22636 is high.
How does CVE-2023-22636 affect FortiWeb?
CVE-2023-22636 affects FortiWeb versions 6.3.6 through 6.3.21, 6.4.0 through 6.4.2, and 7.0.0 through 7.0.4.
What can an attacker do with this vulnerability?
An attacker can access confidential configuration files by exploiting CVE-2023-22636.
Is there a fix available for CVE-2023-22636?
Yes, Fortinet has released a fix for CVE-2023-22636. Please refer to the Fortinet website for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/fortinet
- canonical/fortinet fortiweb
- version/fortinet fortiweb/6.3.6
- version/fortinet fortiweb/6.3.21
- version/fortinet fortiweb/6.4.0
- version/fortinet fortiweb/6.4.2
- version/fortinet fortiweb/7.0.0
- version/fortinet fortiweb/7.0.4