CVE-2022-42476 HIGH

CVE-2022-42476

Vendor Fortinet

Product FortiOS

Weakness CWE-23

Published March 7, 2023

Last update October 23, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C

What the vulnerability does

01Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

Key dates

02Disclosure timeline

March 7, 2023 CVE published

October 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-42476

Related vulnerabilities

Identifiers

CVE CVE-2022-42476

CWE CWE-23

CVSS 7.8 / HIGH

Affected versions

Vendor Fortinet

Product FortiOS

Affected ≥ 7.2.0 and ≤ 7.2.3

Vendor Fortinet

Product FortiOS

Affected ≥ 7.0.0 and ≤ 7.0.8

Vendor Fortinet

Product FortiOS

Affected ≥ 6.4.0 and ≤ 6.4.11

Vendor Fortinet

Product FortiOS

Affected ≥ 6.2.0 and ≤ 6.2.12

Vendor Fortinet

Product FortiProxy

Affected ≥ 7.2.0 and ≤ 7.2.1

Vendor Fortinet

Product FortiProxy

Affected ≥ 7.0.0 and ≤ 7.0.7

Vendor Fortinet

Product FortiProxy

Affected ≥ 2.0.0 and ≤ 2.0.11

Vendor Fortinet

Product FortiProxy

Affected ≥ 1.2.0 and ≤ 1.2.13

Vendor Fortinet

Product FortiProxy

Affected ≥ 1.1.0 and ≤ 1.1.6

CVE-2022-42476

01Description

02Disclosure timeline

03References

04Related CVE