CVE-2022-41335

HIGH EXPLOITED

Fortinet FortiOS <7.2.2 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2022-41335 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-391

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 53.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-06-29

CWE

CWE-22 CWE-23

Status published

Products (9)

fortinet/fortios 7.2.0

fortinet/fortios 7.2.1

fortinet/fortios 7.2.2

fortinet/fortios 6.2.0 - 6.2.12

fortinet/fortiproxy 7.2.0

fortinet/fortiproxy 7.2.1

fortinet/fortiproxy 1.1.0 - 1.1.6

fortinet/fortiswitchmanager 7.0.0

fortinet/fortiswitchmanager 7.2.0

Published Feb 16, 2023

Tracked Since Feb 18, 2026