CVE-2023-42791

Name of the Vulnerable Software and Affected Versions Fortinet FortiManager versions 6.2.0 through 6.2.11 Fortinet FortiManager versions 6.4.0 through 6.4.12 Fortinet FortiManager versions 7.0.0 through 7.0.8 Fortinet FortiManager versions 7.2.0 through 7.2.3 Fortinet FortiManager version 7.4.0

Description The issue is related to a relative path traversal error in the processing of directory paths. This can be exploited by a remote attacker who sends a specially crafted HTTP request, allowing them to execute arbitrary code.

Recommendations For Fortinet FortiManager versions 6.2.0 through 6.2.11, update to a version that contains a fix for this issue. For Fortinet FortiManager versions 6.4.0 through 6.4.12, update to a version that contains a fix for this issue. For Fortinet FortiManager versions 7.0.0 through 7.0.8, update to a version that contains a fix for this issue. For Fortinet FortiManager versions 7.2.0 through 7.2.3, update to a version that contains a fix for this issue. For Fortinet FortiManager version 7.4.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable HTTP endpoints until a patch is available.