20230315004 Fortinet FortiOS Path Traversal Vulnerability

Overview

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands.

What is the vulnerability?

CVE-2022-41328 - CVSS v3 Base Score: 6.5

What is vulnerable?

The vulnerability exists in the following products:

  • FortiOS version 7.2.0 through 7.2.3

  • FortiOS version 7.0.0 through 7.0.9

  • FortiOS version 6.4.0 through 6.4.11

  • FortiOS 6.2 all versions

  • FortiOS 6.0 all versions

Recommendation

  • Please upgrade to FortiOS version 7.2.4 or above

  • Please upgrade to FortiOS version 7.0.10 or above

  • Please upgrade to FortiOS version 6.4.12 or above

Reference

Fortinet - FortiOS