Skip to main content

Fortinet FortiOS CVE-2022-41328

MEDIUM
Path Traversal (CWE-22)
2023-03-07 psirt@fortinet.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Oct 24, 2025 - 12:54 cisa
CISA KEV
CVE Published
Mar 07, 2023 - 17:15 nvd
MEDIUM 6.7

DescriptionCVE.org

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

AnalysisAI

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on...

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Affected ProductsAI

Affected: Fortinet FortiOS

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Share

CVE-2022-41328 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy