VDB

CISA-2022-42476

CISA-2022-42476 PUBLISHED CVSS 7.8 HIGH

Reported by fortinet · Published March 7, 2023

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C

Affected Products

VendorProductVersions
FortinetFortiOS7.2.0, 7.0.0, 6.4.0
FortinetFortiProxy7.2.0, 7.0.0, 2.0.0
FortinetFortiProxy1.1.0, 7.0.0, 2.0.0
FortinetFortiOS7.0.0, 6.4.0, 6.2.0

Timeline

  • Mar 7, 2023 CVE Published
  • Oct 23, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›