CVE-2022-41335
published 2023-02-16CVE-2022-41335: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version…
high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 6.2.0 – 6.2.12 | — |
| fortinet | fortios | 6.4.0 – 6.4.10 | — |
| fortinet | fortios | 7.0.0 – 7.0.8 | — |
| fortinet | fortios | 7.2.0 – 7.2.2 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | >= 1.0.0 < 1.0.* | 1.0.* |
| fortinet | fortiproxy | >= 1.1.0 < 1.1.* | 1.1.* |
| fortinet | fortiproxy | 1.1.0 – 1.1.6 | — |
| fortinet | fortiproxy | >= 1.2.0 < 1.2.* | 1.2.* |
| fortinet | fortiproxy | 1.2.0 – 1.2.13 | — |
| fortinet | fortiproxy | 2.0.0 – 2.0.10 | — |
| fortinet | fortiproxy | 7.0.0 – 7.0.7 | — |
| fortinet | fortiproxy | 7.2.0 – 7.2.1 | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | — | — |
| fortinet | fortiswitchmanager | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vulncheck8.8HIGH