PT-2024-2120 · Fortinet · FortiManager

Published: 2024-03-12 · Updated: 2024-03-15 · CVE-2023-36554

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Fortinet FortiManager version 6.2
Fortinet FortiManager versions 6.4.0 through 6.4.13
Fortinet FortiManager versions 7.0.0 through 7.0.10
Fortinet FortiManager versions 7.2.0 through 7.2.3
Fortinet FortiManager version 7.4.0
Description

The issue is related to improper access control in Fortinet FortiManager, which can be exploited by an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Recommendations

For Fortinet FortiManager version 6.2, update to a version that includes the fix for this issue.
For Fortinet FortiManager versions 6.4.0 through 6.4.13, update to a version that includes the fix for this issue.
For Fortinet FortiManager versions 7.0.0 through 7.0.10, update to a version that includes the fix for this issue.
For Fortinet FortiManager versions 7.2.0 through 7.2.3, update to a version that includes the fix for this issue.
For Fortinet FortiManager version 7.4.0, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the vulnerable HTTP endpoints until a patch is available.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-02018
CVE-2023-36554

Affected Products

FortiManager