CVE-2022-42476: Path Traversal
First published: Tue Mar 07 2023(Updated: )
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.11 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
| Fortinet FortiProxy | =7.2.0 | |
| Fortinet FortiProxy | =7.2.1 | |
| Fortinet FortiOS | >=6.2.0<=6.2.12 | |
| Fortinet FortiOS | >=6.4.0<=6.4.11 | |
| Fortinet FortiOS | >=7.0.0<=7.0.8 | |
| Fortinet FortiOS | >=7.2.0<=7.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-42476?
CVE-2022-42476 is a relative path traversal vulnerability in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, and before 6.4.11, as well as in FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8.
How severe is CVE-2022-42476?
CVE-2022-42476 has a severity rating of 8.2, which is considered high.
How does CVE-2022-42476 affect Fortinet FortiOS?
CVE-2022-42476 affects Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, and before 6.4.11.
How does CVE-2022-42476 affect FortiProxy?
CVE-2022-42476 affects FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8.
How can I mitigate the risk of CVE-2022-42476?
To mitigate the risk of CVE-2022-42476, it is recommended to update Fortinet FortiOS to version 6.4.11, 7.0.8, or 7.2.3, and FortiProxy to version 7.0.8 or 7.2.3.
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.11
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.7
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortiproxy/7.2.1
- canonical/fortinet fortios
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.12
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.11
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.8
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.3