Vulnetix
Try Vulnetix Request Demo
CVE-2022-41335 PUBLISHED CVSS 8.600000381469727 HIGH

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

EPSS 0.31% · 54.2th percentile

Risk Scores

CVSS v3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
EPSS Score
0.31%
54.2th percentile

Affected Products

VendorProductVersions
FortinetFortiSwitchManager7.0.0, 7.2.0
fortinetfortiswitchmanager7.0.0, 7.2.0, 7.0.0
fortinetfortiproxy7.0.0, 1.1.0, 1.2.0
FortinetFortiOS6.2.0, 7.2.0, 7.0.0
fortinetfortios7.2.2, 7.2.0, 7.2.1
FortinetFortiProxy1.1.0, 1.2.0, 1.1.0

Timeline

References

Open in Interactive Console →