FortiManager & FortiAnalyzer - Path traversal via unrestricted file upload

Summary

A relative path traversal [CWE-23] vulnerability in FortiManager and FortiAnalyzer may allow a remote attacker with low privileges to execute unauthorized code via crafted HTTP requests.

Version Affected Solution
FortiAnalyzer 7.4 7.4.0 Upgrade to 7.4.1 or above
FortiAnalyzer 7.2 7.2.0 through 7.2.3 Upgrade to 7.2.4 or above
FortiAnalyzer 7.0 7.0.0 through 7.0.8 Upgrade to 7.0.9 or above
FortiAnalyzer 6.4 6.4.0 through 6.4.12 Upgrade to 6.4.13 or above
FortiAnalyzer 6.2 6.2.0 through 6.2.11 Upgrade to 6.2.12 or above
FortiManager 7.4 7.4.0 Upgrade to 7.4.1 or above
FortiManager 7.2 7.2.0 through 7.2.3 Upgrade to 7.2.4 or above
FortiManager 7.0 7.0.0 through 7.0.8 Upgrade to 7.0.9 or above
FortiManager 6.4 6.4.0 through 6.4.12 Upgrade to 6.4.13 or above
FortiManager 6.2 6.2.0 through 6.2.11 Upgrade to 6.2.12 or above

Acknowledgement

Fortinet is pleased to thank security researchers Paul BARBE, Antoine CARRINCAZEAUX and Clément AMIC from Synacktiv (https://www.synacktiv.com) for discovering and reporting this vulnerability under responsible disclosure.

Timeline

2023-10-10: Initial publication