A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 up to and including 7.2.3, version 7.0.0 up to and including 7.0.9 and prior to 6.4.12, FortiProxy version 7.2.0 up to and including 7.2.1 and 7.0.0 up to and including 7.0.7, FortiSwitchManager version 7.2.0 up to and including 7.2.1 and prior to 7.0.1 allows an privileged malicious user to delete arbitrary directories from the filesystem through crafted HTTP requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy |
||
fortinet fortiswitchmanager 7.0.0 |
||
fortinet fortiswitchmanager 7.2.0 |
||
fortinet fortiproxy 7.2.0 |
||
fortinet fortiproxy 7.2.1 |
||
fortinet fortios |
||
fortinet fortiswitchmanager 7.2.1 |
||
fortinet fortiswitchmanager 7.0.1 |