Description
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.
References (1)
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-22-393
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
44.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-23
Status
published
Products (8)
fortinet/fortios
6.2.0 - 6.2.15
fortinet/fortiproxy
7.2.0
fortinet/fortiproxy
7.2.1
fortinet/fortiproxy
1.0.0 - 1.0.7
fortinet/fortiswitchmanager
7.0.0
fortinet/fortiswitchmanager
7.0.1
fortinet/fortiswitchmanager
7.2.0
fortinet/fortiswitchmanager
7.2.1
Published
Jun 13, 2023
Tracked Since
Feb 18, 2026