发布于3月6日3月6日 Members Fortinet FortiOS: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2022-42476) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/07/2023 Created 03/16/2023 Added 03/16/2023 Modified 01/28/2025 Description A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. Solution(s) fortios-upgrade-latest References https://attackerkb.com/topics/cve-2022-42476 CVE - 2022-42476 https://fortiguard.com/psirt/FG-IR-22-401
