CVE-2022-42474
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
13/06/2023
Last modified:
07/11/2023
Description
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.
Impact
Base Score 3.x
2.70
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1.0.0 (including) | 1.0.7 (including) |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1.1.0 (including) | 1.1.6 (including) |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1.2.0 (including) | 1.2.13 (including) |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 2.0.0 (including) | 2.0.11 (including) |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 7.0.0 (including) | 7.0.7 (including) |
| cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 6.2.0 (including) | 6.2.15 (including) |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 6.4.0 (including) | 6.4.12 (including) |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 7.0.0 (including) | 7.0.9 (including) |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 7.2.0 (including) | 7.2.3 (including) |
To consult the complete list of CPE names with products and versions, see this page