PT-2022-6447 · Fortinet · Fortiproxy+1

Published: 2022-10-07 · Updated: 2023-03-14 · CVE-2022-42476

CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
FortiOS versions 6.4.11 and earlier, 7.0.0 through 7.0.8, 7.2.0 through 7.2.2
FortiProxy versions 7.0.0 through 7.0.8, 7.2.0 through 7.2.2

Description: A relative path traversal issue in the Virtual Domains (VDOM) technology of FortiOS and FortiProxy allows a privileged VDOM administrator to escalate to super admin via crafted CLI requests, potentially by sending specially formed GET, POST, and HEAD requests. The outcome is that an attacker holding a VDOM administrator account gains privileges beyond those granted to that account.

Recommendations:
For FortiOS versions 6.4.11 and earlier, update to version 6.4.11 or later to resolve the issue.
For FortiOS versions 7.0.0 through 7.0.8, update to a version after 7.0.8 to resolve the issue.
For FortiOS versions 7.2.0 through 7.2.2, update to a version after 7.2.2 to resolve the issue.
For FortiProxy versions 7.0.0 through 7.0.8, update to a version after 7.0.8 to resolve the issue.
For FortiProxy versions 7.2.0 through 7.2.2, update to a version after 7.2.2 to resolve the issue.

Fix

Weakness Enumeration: Path traversal · Relative Path Traversal

Related Identifiers: BDU:2023-01331, CVE-2022-42476

Affected Products: Fortios, Fortiproxy