CVE-2022-42470

2023-04-1117:15:07

CWE-23

CWE-22

fortinet

web.nvd.nist.gov

cve-2022-42470

fortinet

forticlient

windows

vulnerability

path traversal

unauthorized code execution

named pipe

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.5%

JSON

A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.

Affected configurations

Nvd

Node

fortinetforticlientRange6.0.0–6.0.10windows

fortinetforticlientRange6.2.0–6.2.9windows

fortinetforticlientRange6.4.0–6.4.9windows

fortinetforticlientRange7.0.0–7.0.8windows

VendorProductVersionCPE
fortinetforticlient*cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
fortinet	forticlient	*	cpe:2.3:a:fortinet:forticlient::::::windows::*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiClientWindows",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.10",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.9",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.10",
        "status": "affected"
      }
    ]
  }
]