CVE-2023-44251

HIGH

FortiWAN 5.1.1-5.1.2 and 5.2.0-5.2.1 - Authenticated Path Traversal and Arbitrary File Deletion


Description

** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files on the system via crafted HTTP or HTTPS requests.


Scores

CVSS v3 8.3
EPSS 0.0063
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Details

CWE CWE-22
Status published
Products (4)
fortinet/fortiwan 5.1.1
fortinet/fortiwan 5.1.2
fortinet/fortiwan 5.2.0
fortinet/fortiwan 5.2.1
Published Dec 13, 2023
Tracked Since Feb 18, 2026