First published: Wed Dec 13 2023(Updated: )
** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1. through 5.1.2 may allow an authenticated attacker to read and delete arbitrary file of the system via crafted HTTP or HTTPs requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiWAN | =5.1.1 | |
Fortinet FortiWAN | =5.1.2 | |
Fortinet FortiWAN | =5.2.0 | |
Fortinet FortiWAN | =5.2.1 |
This product is end of life and no longer supported. Please consider replacing with an equivalent FortiGate appliance as approriate.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-44251 has been classified as a high severity vulnerability due to its potential for unauthorized access to system files.
To fix CVE-2023-44251, upgrade to Fortinet FortiWAN version 5.2.2 or newer, which addresses the path traversal vulnerability.
CVE-2023-44251 affects Fortinet FortiWAN versions 5.1.1, 5.1.2, 5.2.0, and 5.2.1.
CVE-2023-44251 is a path traversal vulnerability that allows an authenticated attacker to access files outside of the intended directory.
Yes, CVE-2023-44251 may allow an authenticated attacker to read and delete arbitrary files on the system, potentially leading to data loss.