Arbitrary file read through command line pipe Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-218 Final 1 1 2023-03-07T00:00:00 Current version 2023-03-07T00:00:00 2023-03-07T00:00:00 An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiRecorder and FortiWeb may allow an authenticated user to read arbitrary files via specially crafted command arguments. None Information disclosure FortiWeb version 6.4.0 through 6.4.1FortiWeb version 6.3.0 through 6.3.17FortiWeb all versions 6.2FortiWeb all versions 6.1FortiWeb all versions 6.0FortiRecorder version 6.4.0 through 6.4.3FortiRecorder all versions 6.0FortiRecorder all versions 2.7 Upgrade to FortiWeb version 7.0.0 or above,Upgrade to FortiWeb version 6.4.2 or above.Upgrade to FortiWeb version 6.3.18 or above.Upgrade to FortiRecorder version 7.0.0 or aboveUpgrade to FortiRecorder version 6.4.4 or above Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security Team. CVE-2022-22297 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-218 Arbitrary file read through command line pipe Reference>