Arbitrary Directory Deletion Vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager

Arbitrary Directory Deletion Vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager

CVE-2022-42474 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

Learn more about our Cis Benchmark Audit For Apple Ios.