GSD-2022-41335 — Vulnetix

GSD-2022-41335 PUBLISHED CVSS 8.600000381469727 HIGH

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

Affected Products

Vendor	Product	Versions
Fortinet	FortiSwitchManager	7.2.0, 7.0.0
Fortinet	FortiOS	6.4.0, 6.2.0, 7.0.0
Fortinet	FortiProxy	7.2.0, 7.0.0, 1.2.0

Timeline

Feb 16, 2023 CVE Published
Jul 1, 2025 PoC Published

References

https://fortiguard.com/psirt/FG-IR-22-391 url

Open in Interactive Console →