VDB

GSD-2022-41335

GSD-2022-41335 PUBLISHED CVSS 8.600000381469727 HIGH

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

Affected Products

VendorProductVersions
FortinetFortiSwitchManager7.0.0, 7.2.0
FortinetFortiOS7.0.0, 7.2.0, 6.4.0
FortinetFortiProxy1.2.0, 1.1.0, 1.2.0

Timeline

  • Feb 16, 2023 CVE Published
  • Jul 1, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›