A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-393 | Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-22-393 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:25
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| References | () https://fortiguard.com/psirt/FG-IR-22-393 - Vendor Advisory |
17 Jun 2023, 01:37
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:* |
|
| References | (MISC) https://fortiguard.com/psirt/FG-IR-22-393 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
| CWE | CWE-22 | |
| First Time |
Fortinet fortiswitchmanager
Fortinet fortiproxy Fortinet Fortinet fortios |
13 Jun 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-13 09:15
Updated : 2024-11-21 07:25
NVD link : CVE-2022-42474
Mitre link : CVE-2022-42474
CVE.ORG link : CVE-2022-42474
JSON object : View
Products Affected
fortinet
- fortiproxy
- fortios
- fortiswitchmanager