A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.
2023-02-16T19:15:13.513
2024-11-21T07:23:04.617
Modified
CVSSv3.1: 8.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiswitchmanager | 7.0.0 | Yes |
| Application | fortinet | fortiswitchmanager | 7.2.0 | Yes |
| Application | fortinet | fortiproxy | ≤ 1.1.6 | Yes |
| Application | fortinet | fortiproxy | ≤ 1.2.13 | Yes |
| Application | fortinet | fortiproxy | ≤ 2.0.10 | Yes |
| Application | fortinet | fortiproxy | ≤ 7.0.7 | Yes |
| Application | fortinet | fortiproxy | 7.2.0 | Yes |
| Application | fortinet | fortiproxy | 7.2.1 | Yes |
| Operating System | fortinet | fortios | ≤ 6.2.12 | Yes |
| Operating System | fortinet | fortios | ≤ 6.4.10 | Yes |
| Operating System | fortinet | fortios | ≤ 7.0.8 | Yes |
| Operating System | fortinet | fortios | 7.2.0 | Yes |
| Operating System | fortinet | fortios | 7.2.1 | Yes |
| Operating System | fortinet | fortios | 7.2.2 | Yes |