Sign-up

ID

VAR-202212-0781


CVE

CVE-2022-33876


TITLE

fortinet's  FortiADC  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023123

DESCRIPTION

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. fortinet's FortiADC There is an input validation vulnerability in.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-33876 // JVNDB: JVNDB-2022-023123 // VULHUB: VHN-426027

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiadcscope:eqversion:7.0.2

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:eqversion:7.0.1

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:eqversion:7.1.0

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:gteversion:5.1.0

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:eqversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortiadcscope:lteversion:6.2.4

Trust: 1.0

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.0.2

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:5.1.0 to 6.2.4

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.1.0

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope: - version: -

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.0.0

Trust: 0.8

vendor:フォーティネットmodel:fortiadcscope:eqversion:7.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-023123 // NVD: CVE-2022-33876

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-33876
value: MEDIUM

Trust: 1.8

psirt@fortinet.com: CVE-2022-33876
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202212-2589
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-33876
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023123 // NVD: CVE-2022-33876 // NVD: CVE-2022-33876 // CNNVD: CNNVD-202212-2589

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-444

Trust: 0.1

sources: VULHUB: VHN-426027 // JVNDB: JVNDB-2022-023123 // NVD: CVE-2022-33876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2589

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202212-2589

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-33876

PATCH
title:FG-IR-22-253url:https://www.fortiguard.com/psirt/fg-ir-22-253
Trust: 0.8
title:Fortinet FortiADC Remediation measures for environmental problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216782
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-023123 // 
            
            
            
            CNNVD: CNNVD-202212-2589

EXTERNAL IDS
db:NVDid:CVE-2022-33876
Trust: 3.3
db:JVNDBid:JVNDB-2022-023123
Trust: 0.8
db:CNNVDid:CNNVD-202212-2589
Trust: 0.6
db:VULHUBid:VHN-426027
Trust: 0.1
sources:
            
            
            VULHUB: VHN-426027 // 
            
            
            
            JVNDB: JVNDB-2022-023123 // 
            
            
            
            NVD: CVE-2022-33876 // 
            
            
            
            CNNVD: CNNVD-202212-2589

REFERENCES
url:https://fortiguard.com/psirt/fg-ir-22-253
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2022-33876
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-33876/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-426027 // 
            
            
            
            JVNDB: JVNDB-2022-023123 // 
            
            
            
            NVD: CVE-2022-33876 // 
            
            
            
            CNNVD: CNNVD-202212-2589

SOURCES
db:VULHUBid:VHN-426027
db:JVNDBid:JVNDB-2022-023123
db:NVDid:CVE-2022-33876
db:CNNVDid:CNNVD-202212-2589

LAST UPDATE DATE
2023-12-18T12:15:10.568000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-426027date:2022-12-07T00:00:00
db:JVNDBid:JVNDB-2022-023123date:2023-11-27T05:58:00
db:NVDid:CVE-2022-33876date:2023-11-07T03:48:23.177
db:CNNVDid:CNNVD-202212-2589date:2022-12-08T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-426027date:2022-12-06T00:00:00
db:JVNDBid:JVNDB-2022-023123date:2023-11-27T00:00:00
db:NVDid:CVE-2022-33876date:2022-12-06T17:15:10.813
db:CNNVDid:CNNVD-202212-2589date:2022-12-06T00:00:00