CVE-2022-41335

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

Published: Feb 16, 2023
Updated: Nov 8, 2023
CVE: CVE-2022-41335
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fortinet / fortiswitchmanager	7.0.0	7.0.0.x
fortinet / fortiswitchmanager	7.2.0	7.2.0.x
fortinet / fortiproxy	1.1.0	1.1.6.x
fortinet / fortiproxy	1.2.0	1.2.13.x
fortinet / fortiproxy	7.2.0	7.2.0.x
fortinet / fortiproxy	2.0.0	2.0.10.x
fortinet / fortiproxy	7.0.0	7.0.7.x
fortinet / fortiproxy	7.2.1	7.2.1.x
fortinet / fortios	7.2.0	7.2.0.x
fortinet / fortios	6.4.0	6.4.10.x
fortinet / fortios	6.2.0	6.2.12.x
fortinet / fortios	7.2.1	7.2.1.x
fortinet / fortios	7.0.0	7.0.8.x
fortinet / fortios	7.2.2	7.2.2.x

https://fortiguard.com/psirt/FG-IR-22-391

Vulnerability Database

289,784

CVE-2022-41335