{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-42476","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-10-07T14:05:36.301Z","datePublished":"2023-03-07T16:21:53.725Z","dateUpdated":"2024-10-23T14:31:15.323Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.3","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.8","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.11","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.12","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.7","status":"affected"},{"versionType":"semver","version":"2.0.0","lessThanOrEqual":"2.0.11","status":"affected"},{"versionType":"semver","version":"1.2.0","lessThanOrEqual":"1.2.13","status":"affected"},{"versionType":"semver","version":"1.1.0","lessThanOrEqual":"1.1.6","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-03-07T16:21:53.725Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-23","description":"Escalation of privilege","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiOS version 6.4.12 or above\r\nPlease upgrade to FortiOS version 6.2.13 or above\n "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-401","url":"https://fortiguard.com/psirt/FG-IR-22-401"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T13:10:40.836Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-401","url":"https://fortiguard.com/psirt/FG-IR-22-401","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:27.802267Z","id":"CVE-2022-42476","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:31:15.323Z"}}]}}