Improper access control in backup and restore features

Improper access control in backup and restore features Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-103 Final 1 1 2024-03-12T00:00:00 Current version 2024-03-12T00:00:00 2025-01-27T00:00:00 An improper access control vulnerability [`CWE-284]` in FortiWLM MEA for FortiManager may allow an unauthenticated remote attacker to execute arbitrary code or commands via specifically crafted requests.Note that FortiWLM MEA is not installed by default on FortiManager and can be disabled as a workaround. None Execute unauthorized code or commands None Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. FortiManager 7.4.0 FortiManager 7.2.3 FortiManager 7.2.2 FortiManager 7.2.1 FortiManager 7.2.0 FortiManager 7.0.10 FortiManager 7.0.9 FortiManager 7.0.8 FortiManager 7.0.7 FortiManager 7.0.6 FortiManager 7.0.5 FortiManager 7.0.4 FortiManager 7.0.3 FortiManager 7.0.2 FortiManager 7.0.1 FortiManager 7.0.0 FortiManager 6.4.13 FortiManager 6.4.12 FortiManager 6.4.11 FortiManager 6.4.10 FortiManager 6.4.9 FortiManager 6.4.8 FortiManager 6.4.7 FortiManager 6.4.6 FortiManager 6.4.5 FortiManager 6.4.4 FortiManager 6.4.3 FortiManager 6.4.2 FortiManager 6.4.1 FortiManager 6.4.0 FortiManager 6.2.13 FortiManager 6.2.12 FortiManager 6.2.11 FortiManager 6.2.10 FortiManager 6.2.9 FortiManager 6.2.8 FortiManager 6.2.7 FortiManager 6.2.6 FortiManager 6.2.5 FortiManager 6.2.4 FortiManager 6.2.3 FortiManager 6.2.2 FortiManager 6.2.1 FortiManager 6.2.0 Improper access control in backup and restore features CVE-2023-36554 FortiManager-7.4.0 FortiManager-7.2.3 FortiManager-7.2.2 FortiManager-7.2.1 FortiManager-7.2.0 FortiManager-7.0.10 FortiManager-7.0.9 FortiManager-7.0.8 FortiManager-7.0.7 FortiManager-7.0.6 FortiManager-7.0.5 FortiManager-7.0.4 FortiManager-7.0.3 FortiManager-7.0.2 FortiManager-7.0.1 FortiManager-7.0.0 FortiManager-6.4.13 FortiManager-6.4.12 FortiManager-6.4.11 FortiManager-6.4.10 FortiManager-6.4.9 FortiManager-6.4.8 FortiManager-6.4.7 FortiManager-6.4.6 FortiManager-6.4.5 FortiManager-6.4.4 FortiManager-6.4.3 FortiManager-6.4.2 FortiManager-6.4.1 FortiManager-6.4.0 FortiManager-6.2.13 FortiManager-6.2.12 FortiManager-6.2.11 FortiManager-6.2.10 FortiManager-6.2.9 FortiManager-6.2.8 FortiManager-6.2.7 FortiManager-6.2.6 FortiManager-6.2.5 FortiManager-6.2.4 FortiManager-6.2.3 FortiManager-6.2.2 FortiManager-6.2.1 FortiManager-6.2.0 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-23-103 Improper access control in backup and restore features Reference>