CVE-2022-41328
In short
A privileged attacker can read and write files outside intended directories in FortiOS through specially crafted commands. This allows unauthorized access to sensitive system files that should be protected.
Technical detail
Path traversal vulnerability in FortiOS CLI command processing allows authenticated privileged users to bypass directory restrictions and access arbitrary files on the underlying Linux filesystem. Attack vector requires CLI access with elevated privileges; impact includes confidentiality and integrity compromise of system files.
Summary generated and translated by AI from the official description.
An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
Affected products
Fortinet · FortiOS