CVE-2022-42474 | THREATINT

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

PUBLISHED Reserved 2022-10-07 | Published 2023-06-13 | Updated 2024-10-22 | Assigner fortinet

MEDIUM: 6.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status

unaffected

7.2.0

affected

7.0.0

affected

Default status

unaffected

7.2.0

affected

7.0.0

affected

2.0.0

affected

1.2.0

affected

1.1.0

affected

1.0.0

affected

Default status

unaffected

7.2.0

affected

7.0.0

affected

6.4.0

affected

6.2.0

affected

References

fortiguard.com/psirt/FG-IR-22-393

cve.org (CVE-2022-42474)

nvd.nist.gov (CVE-2022-42474)

Download JSON