VDB
GSD-2022-41335
GSD-2022-41335
PUBLISHED
CVSS 8.600000381469727 HIGH
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiSwitchManager | 7.0.0, 7.2.0 |
| Fortinet | FortiOS | 7.0.0, 7.2.0, 6.4.0 |
| Fortinet | FortiProxy | 1.2.0, 1.1.0, 1.2.0 |
Timeline
- Feb 16, 2023 CVE Published
- Jul 1, 2025 PoC Published