Lucene search

[email protected]NVD:CVE-2022-42470

HistoryApr 11, 2023 - 5:15 p.m.

CVE-2022-42470

2023-04-1117:15:07

CWE-23

CWE-22

[email protected]

web.nvd.nist.gov

fortinet

forticlient

windows

path traversal

vulnerability

named pipe

unauthorized code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.5%

JSON

A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.

Affected configurations

NVD

Node

fortinetforticlientRange6.0.0–6.0.10windows

fortinetforticlientRange6.2.0–6.2.9windows

fortinetforticlientRange6.4.0–6.4.9windows

fortinetforticlientRange7.0.0–7.0.8windows

References

fortiguard.com/psirt/FG-IR-22-320

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

10.5%

JSON

Related for NVD:CVE-2022-42470

cvelist1 cve1 nessus1 fortinet1 prion1