A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8 and prior to 6.4.10, FortiProxy version 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.7 and prior to 2.0.10, FortiSwitchManager 7.2.0 and prior to 7.0.0 allows an authenticated malicious user to read and write files on the underlying Linux system via crafted HTTP requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiswitchmanager 7.0.0 |
||
fortinet fortiswitchmanager 7.2.0 |
||
fortinet fortiproxy |
||
fortinet fortiproxy 7.2.0 |
||
fortinet fortiproxy 7.2.1 |
||
fortinet fortios 7.2.0 |
||
fortinet fortios |
||
fortinet fortios 7.2.1 |
||
fortinet fortios 7.2.2 |