CVE-2022-41328

MEDIUM KEV

Fortinet FortiOS <7.2.3-6.4.11 - Path Traversal

Title source: llm

Description

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

References (2)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-22-369

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41328

Scores

CVSS v3 6.7

EPSS 0.0029

EPSS Percentile 52.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-03-14

VulnCheck KEV 2023-03-09

InTheWild.io 2023-03-14

ENISA EUVD EUVD-2022-44535

CWE

CWE-22

Status published

Products (1)

fortinet/fortios 6.0.0 - 6.0.16

Published Mar 07, 2023

KEV Added Mar 14, 2023

Tracked Since Feb 18, 2026