CVE-2022-42474

6.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiswitchmanager; Fortiproxy; FortiOS
Vendor: CVE Published:; 13 June 2023

Summary

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

Affected Version(s)

FortiOS 7.2.0 <= 7.2.3

FortiOS 7.0.0 <= 7.0.9

FortiOS 6.4.0 <= 6.4.12

References

https://fortiguard.com/psirt/FG-IR-22-393

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Oct 7, 2022