FortiExtender - Path Traversal vulnerability

Summary

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in the FortiExtender management interface may allow an unauthenticated remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
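As an added illustration of the CWE-22 pattern behind this advisory (example code, not FortiExtender's own), the block below places a naive file resolver beside a hardened one that decodes, normalizes and confines the requested path, and then applies the same check to constructed web-server log lines to flag traversal attempts; the root directory, log format and sample requests are assumptions.

```python
import os
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

def naive_resolve(root: str, requested: str) -> str:
    """Vulnerable pattern: joining user input onto root lets '..' segments escape it."""
    return os.path.normpath(os.path.join(root, requested.lstrip("/")))

def safe_resolve(root: str, requested: str) -> Optional[str]:
    """Hardened form: return the real path inside root, or None if the request escapes it."""
    decoded = unquote(unquote(requested))              # second pass catches %252e%252e
    if "\x00" in decoded or "\\" in decoded:           # NUL truncation / backslash separators
        return None
    rel = posixpath.normpath(decoded.lstrip("/"))      # collapse '.' and '..' as a relative path
    if rel == ".." or rel.startswith("../"):           # leading '..' survives normpath: escape
        return None
    real_root = os.path.realpath(root)                 # follow symlinks before containment check
    real_path = os.path.realpath(os.path.join(real_root, rel))
    if os.path.commonpath([real_root, real_path]) != real_root:
        return None
    return real_path

# Assumed common-log-style request line; only the request target is extracted
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def flag_traversal(log_lines: List[str], root: str = "/srv/www") -> List[str]:
    """Return request targets whose path would escape root under safe_resolve."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and safe_resolve(root, m.group(1).split("?", 1)[0]) is None:
            flagged.append(m.group(1))
    return flagged

# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Jul/2023:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Jul/2023:10:00:01 +0000] "GET /../../etc/passwd HTTP/1.1" 200 1024',
    '10.0.0.9 - - [07/Jul/2023:10:00:02 +0000] "GET /%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 200 800',
    '10.0.0.7 - - [07/Jul/2023:10:00:03 +0000] "GET /css/../main.css HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(flag_traversal(SAMPLE_LOG))
```

Note that "/css/../main.css" is not flagged: it normalizes to a path still inside the root, which is why the check normalizes first rather than matching the literal string "..".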

Version            Affected               Solution
FortiExtender 7.2  Not affected           Upgrade to 7.2.0 or above
FortiExtender 7.0  7.0.0 through 7.0.3    Upgrade to 7.0.4 or above
FortiExtender 5.3  5.3 all versions       Migrate to a fixed release
FortiExtender 4.2  4.2.0 through 4.2.4    Upgrade to 4.2.5 or above
FortiExtender 4.1  4.1.1 through 4.1.8    Upgrade to 4.1.9 or above
FortiExtender 4.0  4.0.0 through 4.0.2    Upgrade to 4.0.3 or above
FortiExtender 3.3  3.3.0 through 3.3.2    Upgrade to 3.3.3 or above
FortiExtender 3.2  3.2.1 through 3.2.3    Upgrade to 3.2.4 or above

Acknowledgement

Fortinet is pleased to thank Bicking Thomas from TÜV Rheinland i-sec GmbH for reporting this vulnerability under responsible disclosure.

Timeline

2023-07-07: Initial publication