exploitDog

GHSA-w4p8-qcm4-827w

Опубликовано: 07 мар. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.2

Описание

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

Ссылки

EPSS

Процентиль: 22%

0.00074

Низкий

8.2 High

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2022-42476

CVSS3: 8.2

nvd

почти 3 года назад

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

BDU:2023-01331

CVSS3: 8.2

fstec

больше 3 лет назад

Уязвимость технологии виртуализации Virtual Domains (VDOM) операционных систем FortiOS и прокси-сервера для защиты от интернет-атак FortiProxy, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 22%

0.00074

Низкий

8.2 High

CVSS3

CVE ID

Дефекты

CWE-22