CVE-2022-42474 MEDIUM

Vendor Fortinet
Product FortiSwitchManager
Weakness CWE-23
Published June 13, 2023
Last update October 22, 2024

CVSS base score

6.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:C

What the vulnerability does

01 Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

Key dates

02 Disclosure timeline

June 13, 2023 CVE published
October 22, 2024 Record updated