VDB
CISA-2022-42476
CISA-2022-42476
PUBLISHED
CVSS 7.8 HIGH
Reported by fortinet · Published March 7, 2023
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiOS | 7.2.0, 7.0.0, 6.4.0 |
| Fortinet | FortiProxy | 7.2.0, 7.0.0, 2.0.0 |
| Fortinet | FortiProxy | 1.1.0, 7.0.0, 2.0.0 |
| Fortinet | FortiOS | 7.0.0, 6.4.0, 6.2.0 |
Timeline
- Mar 7, 2023 CVE Published
- Oct 23, 2024 CVE Updated