First published: Thu Feb 16 2023
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiSwitchManager | =7.0.0 | |
Fortinet FortiSwitchManager | =7.2.0 | |
Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
Fortinet FortiProxy | >=2.0.0<=2.0.10 | |
Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
Fortinet FortiProxy | =7.2.0 | |
Fortinet FortiProxy | =7.2.1 | |
Fortinet FortiOS | >=6.2.0<=6.2.12 | |
Fortinet FortiOS | >=6.4.0<=6.4.10 | |
Fortinet FortiOS | >=7.0.0<=7.0.8 | |
Fortinet FortiOS | =7.2.0 | |
Fortinet FortiOS | =7.2.1 | |
Fortinet FortiOS | =7.2.2 | |
- Please upgrade to FortiOS version 7.2.3 or above
- Please upgrade to FortiOS version 7.0.9 or above
- Please upgrade to FortiOS version 6.4.11 or above
- Please upgrade to FortiOS version 6.2.13 or above
- Please upgrade to FortiProxy version 7.2.2 or above
- Please upgrade to FortiProxy version 7.0.8 or above
- Please upgrade to FortiProxy version 2.0.11 or above
- Please upgrade to FortiSwitchManager version 7.2.1 or above
- Please upgrade to FortiSwitchManager version 7.0.1 or above
CVE-2022-41335 is a relative path traversal vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager.
Fortinet FortiOS 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, and versions before 6.4.10; FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, and versions before 2.0.10; FortiSwitchManager 7.2.0 and versions before 7.0.0 are affected by CVE-2022-41335.
CVE-2022-41335 has a severity score of 8.1 (high).
An authenticated attacker can exploit CVE-2022-41335 to perform relative path traversal and read sensitive files.
Yes, Fortinet has released patches to address the vulnerability. It is recommended to update to the latest version of affected software.