CVE-2022-41335
PUBLISHED
CVSS 8.6 HIGH
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.
EPSS 0.30% · 53.9th percentile
Risk Scores
CVSS 3.1
8.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
EPSS Score
0.30%
53.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiSwitchManager | 7.0.0, 7.2.0 |
| fortinet | fortiswitchmanager | 7.2.0, 7.2.0, 7.0.0 |
| fortinet | fortiproxy | 7.2.0, 1.2.0, 2.0.0 |
| Fortinet | FortiOS | 7.2.0, 6.2.0, 6.4.0 |
| fortinet | fortios | 7.2.1, 7.2.2, 6.4.0 |
| Fortinet | FortiProxy | 1.0.0, 1.2.0, 1.1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2022-41335 (circl-sighting)
- https://fortiguard.com/psirt/FG-IR-22-391 (circl)
- https://www.cybereason.com/hubfs/Consulting/TTP%20Briefing/Cybereason_TTP_Briefing_Jan-May-2025.pdf (vulncheck)
- (vulncheck-reported-exploitation)
Timeline
- Feb 16, 2023 CVE Published
- Feb 17, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 29, 2023 EPSS Score
- May 7, 2023 EPSS Score
- Jun 16, 2023 EPSS Score
- Jul 25, 2023 EPSS Score
- Sep 3, 2023 EPSS Score
- Oct 13, 2023 EPSS Score
- Nov 21, 2023 EPSS Score
- Dec 31, 2023 EPSS Score
- Feb 8, 2024 EPSS Score