CVE-2022-42474

CVE Database · CVE-2022-42474

CVE-2022-42474

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.64%

Published

Jun 13, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Weaknesses (CWE)

CWE-23CWE-22

Affected Products (15)

fortinet · fortiproxyvulnerable

fortinet · fortiswitchmanagervulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-393

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-393

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs