CVE-2022-42474
published 2023-06-13CVE-2022-42474: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy…
low2.7CVSS 3.1
AVNACLPRHUINSUCNILAN
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 6.2.0 – 6.2.15 | — |
| fortinet | fortios | 6.4.0 – 6.4.12 | — |
| fortinet | fortios | 7.0.0 – 7.0.9 | — |
| fortinet | fortios | 7.2.0 – 7.2.3 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | 1.0.0 – 1.0.7 | — |
| fortinet | fortiproxy | 1.1.0 – 1.1.6 | — |
| fortinet | fortiproxy | 1.2.0 – 1.2.13 | — |
| fortinet | fortiproxy | 2.0.0 – 2.0.11 | — |
| fortinet | fortiproxy | 7.0.0 – 7.0.7 | — |
| fortinet | fortiproxy | 7.2.0 – 7.2.1 | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | 7.0.0 – 7.0.1 | — |
| fortinet | fortiswitchmanager | 7.2.0 – 7.2.1 | — |