{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-42474", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2022-10-07T14:05:36.301Z", "datePublished": "2023-06-13T08:41:42.277Z", "dateUpdated": "2024-10-22T20:46:07.625Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiSwitchManager", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.1", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.1", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiProxy", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.1", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.7", "status": "affected"}, {"versionType": "semver", "version": "2.0.0", "lessThanOrEqual": "2.0.11", "status": "affected"}, {"versionType": "semver", "version": "1.2.0", "lessThanOrEqual": "1.2.13", "status": "affected"}, {"versionType": "semver", "version": "1.1.0", "lessThanOrEqual": "1.1.6", "status": "affected"}, {"versionType": "semver", "version": "1.0.0", "lessThanOrEqual": "1.0.7", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiOS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.3", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.9", "status": "affected"}, {"versionType": "semver", "version": "6.4.0", "lessThanOrEqual": "6.4.12", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.15", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-06-13T08:41:42.277Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-23", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.2 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.2 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 2.0.12 or above"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-393", "url": "https://fortiguard.com/psirt/FG-IR-22-393"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:10:40.871Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-22-393", "url": "https://fortiguard.com/psirt/FG-IR-22-393", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T20:18:03.538716Z", "id": "CVE-2022-42474", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:46:07.625Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-393", "name": "https://fortiguard.com/psirt/FG-IR-22-393", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:10:40.871Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-42474", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T20:18:03.538716Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:20:22.534Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "FortiSwitchManager", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.1"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.1"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiProxy", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.1"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.7"}, {"status": "affected", "version": "2.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.11"}, {"status": "affected", "version": "1.2.0", "versionType": "semver", "lessThanOrEqual": "1.2.13"}, {"status": "affected", "version": "1.1.0", "versionType": "semver", "lessThanOrEqual": "1.1.6"}, {"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "1.0.7"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.3"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.9"}, {"status": "affected", "version": "6.4.0", "versionType": "semver", "lessThanOrEqual": "6.4.12"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.15"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.2 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.2 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 2.0.12 or above"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-22-393", "name": "https://fortiguard.com/psirt/FG-IR-22-393"}], "descriptions": [{"lang": "en", "value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-06-13T08:41:42.277Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42474", "state": "PUBLISHED", "dateUpdated": "2024-10-22T20:46:07.625Z", "dateReserved": "2022-10-07T14:05:36.301Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-06-13T08:41:42.277Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "22936F53-4480-4011-9211-174D1C507E87", "versionEndIncluding": "1.0.7", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6BBF05F-4967-4A2E-A8F8-C2086097148B", "versionEndIncluding": "1.1.6", "versionStartIncluding": "1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "33B84D9A-55E3-4146-A55A-ACB507E61B05", "versionEndIncluding": "1.2.13", "versionStartIncluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "6607C71D-D434-430A-8DFD-9125381D2D36", "versionEndIncluding": "2.0.11", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F3A99BB-534C-4984-948B-8FFF659A9B9B", "versionEndIncluding": "7.0.7", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5F302F8-482A-4DA9-BDD9-63886B202B52", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "91E7F209-D645-48EC-BB5F-E730E55E8EE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B4A6B0D-1614-443B-8EBA-A8FBC2E1A832", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "331A1766-4EBA-4519-A8ED-E0DD68A187E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B73D78B-2270-45B7-854E-F985B8D88F3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "469E9E1C-154C-41CB-AC83-FBE5E6FA83EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99", "versionEndIncluding": "6.2.15", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E99B6E5-7EC3-406C-AFAC-A5E32DE266DF", "versionEndIncluding": "6.4.12", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E775D02-7C02-40BE-A118-D874B9BBC936", "versionEndIncluding": "7.0.9", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "813E179E-B948-4480-A5B1-B0ED562A41BC", "versionEndIncluding": "7.2.3", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests."}], "id": "CVE-2022-42474", "lastModified": "2024-11-21T07:25:02.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-13T09:15:15.597", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-22-393"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}