FortiManager / FortiAnalyzer - Authorization bypass via key value controlled by user

Summary

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiManager & FortiAnalyzer may allow a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

Version Affected Solution
FortiAnalyzer 7.4 7.4.0 Upgrade to 7.4.1 or above
FortiAnalyzer 7.2 7.2.0 through 7.2.3 Upgrade to 7.2.4 or above
FortiAnalyzer 7.0 7.0.0 through 7.0.9 Upgrade to 7.0.10 or above
FortiAnalyzer 6.4 6.4 all versions Migrate to a fixed release
FortiAnalyzer 6.2 6.2 all versions Migrate to a fixed release
FortiManager 7.4 7.4.0 Upgrade to 7.4.1 or above
FortiManager 7.2 7.2.0 through 7.2.3 Upgrade to 7.2.4 or above
FortiManager 7.0 7.0.0 through 7.0.9 Upgrade to 7.0.10 or above
FortiManager 6.4 6.4 all versions Migrate to a fixed release
FortiManager 6.2 6.2 all versions Migrate to a fixed release

Acknowledgement

Fortinet is pleased to thank security researchers Mickael Dorigny at Orange Cyberdéfense, Hélène Saliou, Frédéric Prevost, François-Xavier Picard and Orange CERT-CC at Orange group for discovering and reporting this vulnerability under responsible disclosure.

Timeline

2023-10-10: Initial publication