Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistFortinetCVELIST:CVE-2022-42476
HistoryMar 07, 2023 - 4:21 p.m.

CVE-2022-42476

2023-03-0716:21:53
CWE-23
fortinet
www.cve.org
2
fortinet
fortios
fortiproxy
vulnerability
relative path traversal
privilege escalation
cwe-23

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RC:C

AI Score

8.4

Confidence

High

EPSS

0

Percentile

10.5%

JSON

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiOS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.8",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.11",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.12",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiProxy",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "2.0.0",
        "lessThanOrEqual": "2.0.11",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.2.0",
        "lessThanOrEqual": "1.2.13",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.1.0",
        "lessThanOrEqual": "1.1.6",
        "status": "affected"
      }
    ]
  }
]

Related

nvd 1
nessus 2
cve 1
prion 1
fortinet 1
ics 1
nvd
nvd
CVE-2022-42476
2023-03-07 17:15:12
nessus
nessus
Fortinet FortiOS - Path Traversal Vulnerability (FG-IR-22-401)
2023-03-15 00:00:00
Fortinet Fortigate - Path traversal vulnerability allows VDOM escaping (FG-IR-22-401)
2024-05-22 00:00:00
cve
cve
CVE-2022-42476
2023-03-07 17:15:12
prion
prion
Path traversal
2023-03-07 17:15:00
fortinet
fortinet
Protect
2023-03-07 00:00:00
ics
ics
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
2024-03-14 12:00:00

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RC:C

AI Score

8.4

Confidence

High

EPSS

0

Percentile

10.5%

JSON
Related for CVELIST:CVE-2022-42476
nvd1nessus2cve1prion1fortinet1ics1