CVE-2022-41328

CVSS 6.5 (Medium) · EPSS 12.3% · CISA KEV · CWE-22
Vexday Risk Score: 48 (Attention)
SSVC decision (CISA): Attend
PoC available → attend closely
Lifecycle
07 Mar 2023: Published on NVD
14 Mar 2023: Active exploitation (added to CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

A privileged attacker can read and write files outside intended directories in FortiOS through specially crafted commands. This allows unauthorized access to sensitive system files that should be protected.

Technical detail

Path traversal vulnerability in FortiOS CLI command processing allows authenticated privileged users to bypass directory restrictions and access arbitrary files on the underlying Linux filesystem. Attack vector requires CLI access with elevated privileges; impact includes confidentiality and integrity compromise of system files.

Summary generated and translated by AI from the official description.
Official description: An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
CVSS v3.1 vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
Affected products
Fortinet · FortiOS