# CVE-2022-41328

> A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

- **CVSS:** 6.7 (MEDIUM)
- **EPSS:** 0.2%
- **CISA KEV:** yes
- **CWE:** CWE-22

Canonical: https://intel.threadlinqs.com/cve/CVE-2022-41328
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp