CVE-2022-41335

CWE-23 CWE-22 — Path Traversal5 documents5 sources

Severity

8.1HIGH

EPSS

0.3%

top 45.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiproxy Fortinet Fortios Fortinet Fortiswitchmanager

Timeline

PublishedFeb 16

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5fortinet/fortiproxy1.2.0 — 1.2.*+7

▶CVEListV5fortinet/fortios7.2.0 — 7.2.2+3

▶NVDfortinet/fortios6.2.0 — 6.2.12+5

▶NVDfortinet/fortiproxy1.1.0 — 1.1.6+5

▶CVEListV5fortinet/fortiswitchmanager7.0.0, 7.2.0+1

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

GHSA

GHSA-gjq5-3p29-m546: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7↗2023-02-16

▶

CVEList

CVE-2022-41335: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7↗2023-02-16

▶

VulnCheck

Fortinet fortiswitchmanager Relative Path Traversal↗2022

▶

📋Vendor Advisories

Fortinet

Arbitrary read/write vulnerability in administrative interface↗2023-02-16

▶