CVE-2022-42476 | THREATINT

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

PUBLISHED Reserved 2022-10-07 | Published 2023-03-07 | Updated 2024-10-23 | Assigner fortinet

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C

Problem types

Escalation of privilege

Product status

Default status

unaffected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

6.4.0 (semver)

affected

6.2.0 (semver)

affected

Default status

unaffected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

2.0.0 (semver)

affected

1.2.0 (semver)

affected

1.1.0 (semver)

affected

References

fortiguard.com/psirt/FG-IR-22-401

fortiguard.com/psirt/FG-IR-22-401

cve.org (CVE-2022-42476)

nvd.nist.gov (CVE-2022-42476)

Download JSON

help @ threatint.eu