Nixpkgs security tracker
5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
An Improper Limitation of a Pathname to a Restricted Directory …
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
Affected products
- =<7.4.9
- =<7.0.19
- =<7.6.4
- =<6.4.16
- =<7.2.13
- ==1.7.0
- =<1.5.1
- =<1.6.2
- =<1.3.1
- =<1.0.3
- ==1.2.0
- =<1.4.3
- =<1.1.2
- =<7.4.11
- =<7.2.16
- =<7.0.23
- =<7.6.4
- =<7.0.6
- =<7.2.7
Matching in nixpkgs
pkgs.terraform-providers.fortios
None
pkgs.python312Packages.fortiosapi
Python module to work with Fortigate/Fortios devices
pkgs.python313Packages.fortiosapi
Python module to work with Fortigate/Fortios devices
pkgs.python314Packages.fortiosapi
Python module to work with Fortigate/Fortios devices
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>