CVE-2022-42474: Path Traversal
First published: Tue Jun 13 2023(Updated: )
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.11 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
| Fortinet FortiProxy | =7.2.0 | |
| Fortinet FortiProxy | =7.2.1 | |
| Fortinet FortiSwitchManager | =7.0.0 | |
| Fortinet FortiSwitchManager | =7.0.1 | |
| Fortinet FortiSwitchManager | =7.2.0 | |
| Fortinet FortiSwitchManager | =7.2.1 | |
| Fortinet FortiOS | >=6.2.0<=6.2.15 | |
| Fortinet FortiOS | >=6.4.0<=6.4.12 | |
| Fortinet FortiOS | >=7.0.0<=7.0.9 | |
| Fortinet FortiOS | >=7.2.0<=7.2.3 |
Remedy
Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.10 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiSwitchManager version 7.2.2 or above Please upgrade to FortiSwitchManager version 7.0.2 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiProxy version 2.0.12 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-42474?
CVE-2022-42474 is a relative path traversal vulnerability in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1.
What is the severity of CVE-2022-42474?
CVE-2022-42474 has a severity rating of medium (2.7).
How does CVE-2022-42474 affect Fortinet FortiProxy?
CVE-2022-42474 affects Fortinet FortiProxy versions 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7.
How does CVE-2022-42474 affect Fortinet FortiOS?
CVE-2022-42474 affects Fortinet FortiOS versions 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, and before 6.4.12.
Is there a fix available for CVE-2022-42474?
Yes, a fix for CVE-2022-42474 is available. It is recommended to upgrade to the latest patched version of the affected software.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0
- version/fortinet fortiproxy/1.0.7
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.11
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.7
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.1
- canonical/fortinet fortiswitchmanager
- version/fortinet fortiswitchmanager/7.0.0
- version/fortinet fortiswitchmanager/7.0.1
- version/fortinet fortiswitchmanager/7.2.0
- version/fortinet fortiswitchmanager/7.2.1
- canonical/fortinet fortios
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.15
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.12
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.9
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.3