CVE-2022-41335

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.4.10 and earlier, 7.0.0 through 7.0.8, 7.2.0 through 7.2.2 FortiProxy versions 2.0.10 and earlier, 7.0.0 through 7.0.7, 7.2.0 through 7.2.1 FortiSwitchManager versions 7.0.0 and earlier, 7.2.0

Description A relative path traversal issue allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP, HTTPS, or CLI requests. This is due to errors in handling relative path requests. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For FortiOS versions 6.4.10 and earlier, update to version 6.4.10 or later to resolve the issue. For FortiOS versions 7.0.0 through 7.0.8, update to a version later than 7.0.8 to resolve the issue. For FortiOS versions 7.2.0 through 7.2.2, update to a version later than 7.2.2 to resolve the issue. For FortiProxy versions 2.0.10 and earlier, update to version 2.0.10 or later to resolve the issue. For FortiProxy versions 7.0.0 through 7.0.7, update to a version later than 7.0.7 to resolve the issue. For FortiProxy versions 7.2.0 through 7.2.1, update to a version later than 7.2.1 to resolve the issue. For FortiSwitchManager versions 7.0.0 and earlier, update to version 7.0.0 or later to resolve the issue. For FortiSwitchManager version 7.2.0, update to a version later than 7.2.0 to resolve the issue.