Known Exploited Vulnerabilities CVE-2022-41328 Mappings

An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | secondary_impact | T1049 | System Network Connections Discovery | |
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | secondary_impact | T1565.001 | Stored Data Manipulation | |
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | primary_impact | T1037 | Boot or Logon Initialization Scripts | |
| CVE-2022-41328 | Fortinet FortiOS Path Traversal Vulnerability | exploitation_technique | T1574 | Hijack Execution Flow | |

Comments (identical for all four mappings)
CVE-2022-41328 is a path traversal vulnerability that allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. Adversaries have been observed modifying files that establish persistence upon boot. The malicious files give the adversaries the following capabilities: data exfiltration, downloading and writing files, a remote shell, and discovery of network connections.