CVE-2022-41335: Uncovering a Relative Path Traversal Vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager

A new vulnerability, identified as CVE-2022-41335, has been discovered in multiple versions of Fortinet's FortiOS, FortiProxy, and FortiSwitchManager products. This vulnerability, classified as a Relative Path Traversal (CWE-23), allows an authenticated attacker to read and write files on the underlying Linux system through specially crafted HTTP requests.

Details of the Vulnerability

In the affected products, an authenticated attacker can exploit the relative path traversal vulnerability to access sensitive information or overwrite files on the underlying Linux system. This can lead to compromise of the entire system and unauthorized access to critical data.

The attack involves sending specially crafted HTTP requests that contain a relative path to the target files on the Linux system. By manipulating the HTTP request to include a relative path (e.g., using "../" to traverse up the directory tree), the attacker can access or modify files outside the expected scope.

A simple example of exploiting this vulnerability in a vulnerable Fortinet product would look like this code snippet (for illustration purposes only):

import requests

url = "http://target_fortinet_device/some_endpoint";
cookies = {"auth-cookie": "valid_authentication_cookie"}

# Define the relative path to the target file
relative_path = "../../../../../../../../../../etc/passwd"
payload = {"target_file": relative_path}

response = requests.post(url, data=payload, cookies=cookies)
print(response.text)

This code snippet demonstrates an authenticated attacker attempting to read the /etc/passwd file on the target Fortinet device by exploiting the relative path traversal vulnerability.

Further details and original references for this vulnerability can be found at

1. MITRE's Common Vulnerabilities & Exposures (CVE) database: CVE-2022-41335
2. Common Weakness Enumeration (CWE) website: CWE-23: Relative Path Traversal
3. Fortinet's Security Advisories: FG-IR-21-292

Mitigation and Recommendations

Fortinet has released patches for the affected versions of the FortiOS, FortiProxy, and FortiSwitchManager products. Users are strongly advised to update to the latest versions to fix the vulnerability. Additionally, it is crucial to follow security best practices, such as limiting access to sensitive systems and regularly monitoring logs for any signs of unauthorized activities.

In conclusion, CVE-2022-41335 is a serious vulnerability that could lead to the compromise of sensitive information and the ability for an attacker to execute further attacks on affected systems. Users are urged to patch their systems to mitigate the risk of exploitation.

Timeline

Published on: 02/16/2023 19:15:00 UTC
Last modified on: 02/27/2023 18:04:00 UTC