ID

VAR-202302-1418


CVE

CVE-2022-41335


TITLE

Path traversal vulnerability in multiple Fortinet products

Trust: 0.8

sources: JVNDB: JVNDB-2022-019903

DESCRIPTION

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. Fortinet's FortiSwitch Manager, FortiProxy and FortiOS contain a path traversal vulnerability. Information may be obtained and information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2022-41335 // JVNDB: JVNDB-2022-019903 // VULHUB: VHN-437474 // VULMON: CVE-2022-41335

AFFECTED PRODUCTS

vendor: fortinet, model: fortiswitchmanager, scope: eq, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 1.1.6

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 7.2.1

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: eq, version: 7.2.1

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.1.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 6.2.12

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 2.0.10

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 6.4.10

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 1.2.13

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 2.0.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: gte, version: 1.2.0

Trust: 1.0

vendor: fortinet, model: fortiproxy, scope: lte, version: 7.0.7

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 7.2.2

Trust: 1.0

vendor: fortinet, model: fortiswitchmanager, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 7.0.8

Trust: 1.0

vendor: フォーティネット, model: fortios, scope: eq, version: 7.2.0

Trust: 0.8

vendor: フォーティネット, model: fortios, scope: eq, version: 7.2.2

Trust: 0.8

vendor: フォーティネット, model: fortiswitch manager, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiproxy, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortios, scope: eq, version: 7.0.0 to 7.0.8

Trust: 0.8

vendor: フォーティネット, model: fortios, scope: eq, version: 6.4.0 to 6.4.10

Trust: 0.8

vendor: フォーティネット, model: fortios, scope: eq, version: 6.2.0 to 6.2.12

Trust: 0.8

vendor: フォーティネット, model: fortios, scope: eq, version: 7.2.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-019903 // NVD: CVE-2022-41335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41335
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2022-41335
value: HIGH

Trust: 1.0

NVD: CVE-2022-41335
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1427
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-41335
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2022-41335
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-41335
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019903 // CNNVD: CNNVD-202302-1427 // NVD: CVE-2022-41335 // NVD: CVE-2022-41335

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-23

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-437474 // JVNDB: JVNDB-2022-019903 // NVD: CVE-2022-41335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1427

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202302-1427

PATCH

title: FG-IR-22-391, url: https://www.fortiguard.com/psirt/FG-IR-22-391

Trust: 0.8

title: Fortinet FortiOS and FortiSwitch Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226970

Trust: 0.6

sources: JVNDB: JVNDB-2022-019903 // CNNVD: CNNVD-202302-1427

EXTERNAL IDS

db: NVD, id: CVE-2022-41335

Trust: 3.4

db: JVNDB, id: JVNDB-2022-019903

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1427

Trust: 0.6

db: VULHUB, id: VHN-437474

Trust: 0.1

db: VULMON, id: CVE-2022-41335

Trust: 0.1

sources: VULHUB: VHN-437474 // VULMON: CVE-2022-41335 // JVNDB: JVNDB-2022-019903 // CNNVD: CNNVD-202302-1427 // NVD: CVE-2022-41335

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-22-391

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-41335

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-41335/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-437474 // VULMON: CVE-2022-41335 // JVNDB: JVNDB-2022-019903 // CNNVD: CNNVD-202302-1427 // NVD: CVE-2022-41335

SOURCES

db: VULHUB, id: VHN-437474
db: VULMON, id: CVE-2022-41335
db: JVNDB, id: JVNDB-2022-019903
db: CNNVD, id: CNNVD-202302-1427
db: NVD, id: CVE-2022-41335

LAST UPDATE DATE

2024-08-14T14:10:18.521000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-437474, date: 2023-02-27T00:00:00
db: VULMON, id: CVE-2022-41335, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2022-019903, date: 2023-10-30T01:23:00
db: CNNVD, id: CNNVD-202302-1427, date: 2023-02-28T00:00:00
db: NVD, id: CVE-2022-41335, date: 2023-11-07T03:52:48.110

SOURCES RELEASE DATE

db: VULHUB, id: VHN-437474, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2022-41335, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2022-019903, date: 2023-10-30T00:00:00
db: CNNVD, id: CNNVD-202302-1427, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2022-41335, date: 2023-02-16T19:15:13.513