Multiple Vulnerabilities in FortiManager
Summary
Multiple vulnerabilities have been discovered in FortiManager.

Description
Certain versions of FortiManager are subject to the following vulnerabilities:
1. Escalation of Privileges: under certain circumstances, there exists the possibility for a user to escalate privileges by modifying specific parameters.
3. SQL Injection: a remote attacker may be able to perform an SQL Injection attack on the FortiManager via an improperly sanitized input.
4. Local Privilege Escalation via CLI: certain commands can be exploited to allow the passing of additional code which can allow an escalation of privileges.
5. Arbitrary File Download: an opportunity exists for an attacker to obtain arbitrary files from the FortiManager which can lead to information disclosure. This vulnerability requires an attacker to exploit another vulnerability to escalate their privileges.
Impact Detail
Escalation of Privileges, Cross-Site Scripting, SQL Query Execution, SQL Injection, Arbitrary File Download.

Affected Products
FortiManager v5.2.1 and earlier
FortiManager v5.0.10 and earlier
Solutions
FortiManager v5.0 through v5.0.10: upgrade to FortiManager v5.0.11. You may also upgrade FortiManager to v5.2.2, which is also available.
FortiManager v5.2 through v5.2.1: upgrade FortiManager to v5.2.2.
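The Affected Products and Solutions sections above define two branch-specific fix points (v5.0.11 for the 5.0 branch, v5.2.2 for the 5.2 branch) under a blanket "v5.2.1 and earlier" affected range. The following script is an added example, not part of the advisory or of any Fortinet tooling: it parses FortiManager version strings in the spellings the advisory uses ("v5.0.10", "v.5.2.1"), decides whether each version falls in the affected range, and names the fix release from the advisory. The inventory it runs over is constructed sample data, and the choice to point releases outside the 5.0 and 5.2 branches at v5.2.2 is an assumption, since the advisory names no other fixed release.

```python
import re
from typing import NamedTuple, Optional, Dict, List

# Fix releases named in the advisory's Solutions section.
FIX_5_0 = (5, 0, 11)   # 5.0 branch: upgrade to v5.0.11 (v5.2.2 also acceptable)
FIX_5_2 = (5, 2, 2)    # 5.2 branch: upgrade to v5.2.2
# Highest release the advisory lists as affected ("v5.2.1 and earlier").
LAST_AFFECTED = (5, 2, 1)


class Assessment(NamedTuple):
    version: tuple
    affected: bool
    upgrade_to: Optional[tuple]


def parse_version(text: str) -> tuple:
    """Turn 'v5.0.10', '5.2.1' or 'v.5.2.1' (the advisory's spelling) into (5, 0, 10)."""
    m = re.fullmatch(r"\s*v?\.?(\d+)\.(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised FortiManager version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(text: str) -> Assessment:
    """Map one version string onto the advisory's affected ranges and fix releases."""
    v = parse_version(text)
    branch = v[:2]
    if branch == (5, 0):
        # 5.0.0 .. 5.0.10 are affected; 5.0.11 is the branch fix.
        return Assessment(v, v < FIX_5_0, FIX_5_0 if v < FIX_5_0 else None)
    if branch == (5, 2):
        # 5.2.0 .. 5.2.1 are affected; 5.2.2 is the branch fix.
        return Assessment(v, v < FIX_5_2, FIX_5_2 if v < FIX_5_2 else None)
    if v <= LAST_AFFECTED:
        # Any other release at or below 5.2.1 is inside "v5.2.1 and earlier".
        # Assumption: v5.2.2 is the target, as it is the only other fixed release named.
        return Assessment(v, True, FIX_5_2)
    # Newer than anything the advisory covers.
    return Assessment(v, False, None)


def format_version(v: tuple) -> str:
    return "v" + ".".join(str(part) for part in v)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return one line per host: which need an upgrade and to what release."""
    lines = []
    for host, ver in sorted(inventory.items()):
        a = assess(ver)
        if a.affected:
            lines.append(f"{host}: {format_version(a.version)} AFFECTED, upgrade to {format_version(a.upgrade_to)}")
        else:
            lines.append(f"{host}: {format_version(a.version)} not affected")
    return lines


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "fmg-lab-1": "v5.0.10",
    "fmg-lab-2": "v5.0.11",
    "fmg-dc-1": "v.5.2.1",
    "fmg-dc-2": "5.2.2",
}

if __name__ == "__main__":
    for line in triage(SAMPLE_INVENTORY):
        print(line)
```

Run it as a script to print the triage of the sample inventory, or import `assess` and feed it the version strings from your own asset list; versions newer than v5.2.2 are reported as not affected only in the sense that the advisory does not cover them.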