CVE-2023-44251
HIGH
FortiWAN 5.1.1-5.1.2 and 5.2.0-5.2.1 - Authenticated Path Traversal and Arbitrary File Deletion
Title source: llm
Description
** UNSUPPORTED WHEN ASSIGNED ** An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker to read and delete arbitrary files on the system via crafted HTTP or HTTPS requests.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-265
Scores
CVSS v3
8.3
EPSS
0.0063
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Details
CWE
CWE-22
Status
published
Products (4)
fortinet/fortiwan
5.1.1
fortinet/fortiwan
5.1.2
fortinet/fortiwan
5.2.0
fortinet/fortiwan
5.2.1
Published
Dec 13, 2023
Tracked Since
Feb 18, 2026