Multiple path traversal vulnerabilities Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-085 Final 1 1 2023-10-11T00:00:00 Current version 2023-10-11T00:00:00 2023-10-11T00:00:00 A relative path traversal vulnerability [CWE-23] in FortiSIEM file upload components may allow an authenticated, low privileged user of the FortiSIEM GUI to escalate their privilege and replace arbitrary files on the underlying filesystem via specifically crafted HTTP requests. None Escalation of privilege FortiSIEM version 7.0.0FortiSIEM version 6.7.0 through 6.7.3FortiSIEM version 6.6.0 through 6.6.3FortiSIEM version 6.5.0 through 6.5.1FortiSIEM version 6.4.0 through 6.4.2FortiSIEM 6.3 all versions are not affectedFortiSIEM 6.2 all versions are not affectedFortiSIEM 6.1 all versions are not affectedFortiSIEM 5.4 all versions are not affectedFortiSIEM 5.3 all versions are not affected Please upgrade to FortiSIEM version 7.0.1 or abovePlease upgrade to FortiSIEM version 6.7.4 or abovePlease upgrade to FortiSIEM version 6.6.4 or abovePlease upgrade to FortiSIEM version 6.5.2 or abovePlease upgrade to FortiSIEM version 6.4.3 or above Internally discovered and reported by Lance Yeaw from ETAC team. FortiSIEM 7.0.0 FortiSIEM 6.7.3 FortiSIEM 6.7.2 FortiSIEM 6.7.1 FortiSIEM 6.7.0 FortiSIEM 6.6.3 FortiSIEM 6.6.2 FortiSIEM 6.6.1 FortiSIEM 6.6.0 FortiSIEM 6.5.1 FortiSIEM 6.5.0 FortiSIEM 6.4.2 FortiSIEM 6.4.1 FortiSIEM 6.4.0 CVE-2023-40714 FortiSIEM-7.0.0 FortiSIEM-6.7.3 FortiSIEM-6.7.2 FortiSIEM-6.7.1 FortiSIEM-6.7.0 FortiSIEM-6.6.3 FortiSIEM-6.6.2 FortiSIEM-6.6.1 FortiSIEM-6.6.0 FortiSIEM-6.5.1 FortiSIEM-6.5.0 FortiSIEM-6.4.2 FortiSIEM-6.4.1 FortiSIEM-6.4.0 9.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-23-085 Multiple path traversal vulnerabilities Reference>