VYPR
Unrated severityNVD Advisory· Published Jun 13, 2023· Updated Oct 22, 2024

CVE-2022-42474

CVE-2022-42474

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

Affected products

6
  • Fortinet/Fortiswitchmanagerllm-fuzzy2 versions
    7.2.0-7.2.1, <7.0.1+ 1 more
    • (no CPE)range: 7.2.0-7.2.1, <7.0.1
    • (no CPE)range: 7.2.0
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    7.2.0-7.2.1, 7.0.0-7.0.7+ 1 more
    • (no CPE)range: 7.2.0-7.2.1, 7.0.0-7.0.7
    • (no CPE)range: 7.2.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    <6.4.12, 7.0.0-7.0.9, 7.2.0-7.2.3+ 1 more
    • (no CPE)range: <6.4.12, 7.0.0-7.0.9, 7.2.0-7.2.3
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.