Fortinet FortiOS: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2022-41328)

Severity: 6
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Published: 03/07/2023
Created: 03/16/2023
Added: 03/16/2023
Modified: 01/30/2025

Description

An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.9, and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

Solution(s)

  • fortios-upgrade-6_2_14
  • fortios-upgrade-6_4_12
  • fortios-upgrade-7_0_10
  • fortios-upgrade-7_2_4

References

  • https://attackerkb.com/topics/cve-2022-41328
  • CVE - 2022-41328
  • https://fortiguard.com/psirt/FG-IR-22-369