CVE-2022-41328: Path Traversal Vulnerability in Fortinet FortiOS Allows Privileged Attacker to Read and Write Files on the Underlying Linux System

A recently discovered path traversal vulnerability (CVE-2022-41328) affects Fortinet FortiOS versions 7.2. through 7.2.3, 7.. through 7..9, and versions before 6.4.11. This vulnerability, classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), allows a privileged attacker to read and write files on the underlying Linux system using specifically crafted Command Line Interface (CLI) commands.

Details

The path traversal vulnerability in Fortinet FortiOS is caused by improper limitation of a pathname to a restricted directory, allowing an attacker to move up the directory structure and access sensitive files or directories they were not intended to access.

With this vulnerability, a privileged attacker can potentially read and write files on the underlying Linux system, leading to unauthorized access to sensitive data, loss of data integrity, and other security breaches.

Exploit

An example of an exploit for this vulnerability can be demonstrated by crafting a CLI command to read a sensitive Linux system file, such as the "/etc/passwd" file:

# Example CLI command to exploit CVE-2022-41328
get system-parent-directory "../../../../etc/"
get restricted-directory-passwd "passwd"

Upon successful execution, the attacker can view the contents of the "/etc/passwd" file, which contains user account information, including hashed passwords.

Mitigation

To mitigate this vulnerability, Fortinet has released updates to address the issue. Affected users should upgrade to FortiOS version 7.2.4, 7..10, or 6.4.12, depending on their current software branch. The updates are available on the Fortinet support website.

1. CWE-22 - Improper Limitation of a Pathname to a Restricted Directory: https://cwe.mitre.org/data/definitions/22.html
2. Fortinet Security Advisory - FG-IR-21-260: https://www.fortiguard.com/psirt/FG-IR-21-260
3. Fortinet support website: https://support.fortinet.com

Conclusion

CVE-2022-41328 is a serious path traversal vulnerability affecting multiple versions of Fortinet FortiOS. By exploiting this vulnerability, an attacker can read and write sensitive files on the underlying Linux system, potentially leading to a variety of security risks. Users are strongly advised to update their Fortinet FortiOS software to the latest patched version to address the vulnerability and protect their systems from unauthorized access and data breaches.

Timeline

Published on: 03/07/2023 17:15:00 UTC
Last modified on: 03/14/2023 15:20:00 UTC