CVE-2023-44251

Name of the Vulnerable Software and Affected Versions FortiWAN versions 5.1.1 through 5.1.2 FortiWAN versions 5.2.0 through 5.2.1

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'path traversal' vulnerability. This may allow an authenticated attacker to read and delete arbitrary files of the system via crafted HTTP or HTTPS requests. The vulnerability can be exploited by sending specially crafted requests, potentially allowing the attacker to access, modify, or delete data and execute arbitrary commands.

Recommendations For FortiWAN versions 5.1.1 through 5.1.2, consider restricting access to the system until a patch is available. For FortiWAN versions 5.2.0 through 5.2.1, consider disabling the ability to send crafted HTTP or HTTPS requests to minimize the risk of exploitation. As a temporary workaround, consider limiting the access to the system and monitoring the traffic to detect potential exploitation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.