CVE-2022-42474

Severity: 2.7 LOW
EPSS: 0.2% (top 55.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 13

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.2 | Impact: 5.2

Affected Packages (6 packages)

CVEListV5 | fortinet/fortios | 7.2.0 | 7.2.3 | +3
NVD | fortinet/fortios | 6.2.0 | 6.2.15 | +3
CVEListV5 | fortinet/fortiproxy | 7.2.0 | 7.2.1 | +5
NVD | fortinet/fortiproxy | 1.0.0 | 1.0.7 | +6
CVEListV5 | fortinet/fortiswitchmanager | 7.2.0 | 7.2.1 | +1

🔴 Vulnerability Details (2)

CVEList
CVE-2022-42474: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7 | 2023-06-13
GHSA
GHSA-r533-5559-j96c: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7 | 2023-06-13

📋 Vendor Advisories (1)

Fortinet
Path traversal vulnerability in administrative interface | 2023-06-13
CVE-2022-42474 (LOW CVSS 2.7) | A relative path traversal vulnerabi | cvebase.io