KEVIntel
Back to KEVs
6.5
CVSS
Medium

CVE-2022-41328

PUBLISHED

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through...

Exploited in the wild Low complexity No user interaction
Vendor
Fortinet
Product
FortiOS
Published
Mar 07, 2023
EPSS

Description

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

linux ios cisa edge nessus_scanner

CVSS scores

CVSS v3.1 6.5 Medium

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

Exploitation status

Exploited in the wild

Recorded 2023-03-14 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 14, 2023

Scanner integrations

Scanner Reference Detected
Nessus https://www.tenable.com/plugins/nessus/197615 Jun 02, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nessus