CVE-2024-36508

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.4.0 through 7.4.2 and prior to 7.2.5 Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and prior to 7.2.5

Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability. This allows an authenticated admin user with diagnose privileges to delete files on the system via the CLI. The vulnerability can be exploited to gain read, modify, or delete access to data.

Recommendations: For Fortinet FortiManager versions 7.4.0 through 7.4.2 and prior to 7.2.5, update to a version that includes the fix for this issue. For Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and prior to 7.2.5, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CLI for authenticated admin users with diagnose privileges until a patch is available.