Description
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
E
Physical
RL
X
RC
Changed
Affected products
- fortinet / fortisoar7.6.0 – 7.6.0
- fortinet / fortisoar7.5.1 – 7.5.1
- fortinet / fortisoar7.5.0 – 7.5.0
- fortinet / fortisoar7.4.5 – 7.4.5
- fortinet / fortisoar7.4.4 – 7.4.4
- fortinet / fortisoar7.4.3 – 7.4.3
- fortinet / fortisoar7.4.2 – 7.4.2
- fortinet / fortisoar7.4.1 – 7.4.1
- fortinet / fortisoar7.4.0 – 7.4.0
- fortinet / fortisoar7.3.3 – 7.3.3
- fortinet / fortisoar7.3.2 – 7.3.2
- fortinet / fortisoar7.3.1 – 7.3.1
- fortinet / fortisoar7.3.0 – 7.3.0
References
- VENDOR_ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-24-421