PT-2024-26413 · Fortinet · FortiAnalyzer +2

Published: 2024-11-12 · Updated: 2025-01-17 · CVE-2024-35274

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Fortinet FortiAnalyzer versions prior to 7.4.2
Fortinet FortiManager versions prior to 7.4.2
Fortinet FortiAnalyzer-BigData versions prior to 7.2.7 and version 7.4.0
Description
The issue is an improper limitation of a pathname to a restricted directory ('Path Traversal'). It allows a privileged attacker with read-write administrative privileges to create non-arbitrary files in a chosen directory via crafted CLI requests. Exploitation consists of sending specially crafted CLI requests, which can allow the attacker to access and modify files in that directory.
Recommendations
For Fortinet FortiAnalyzer versions prior to 7.4.2, update to version 7.4.2 or later.
For Fortinet FortiManager versions prior to 7.4.2, update to version 7.4.2 or later.
For Fortinet FortiAnalyzer-BigData versions prior to 7.2.7 and version 7.4.0, update to a version later than 7.2.7, other than version 7.4.0.
As a temporary workaround, restrict access to the affected CLI requests until the update can be applied.

Fix

Weakness Enumeration

Path traversal
Relative Path Traversal

Related Identifiers

BDU:2025-01170
CVE-2024-35274

Affected Products

FortiAnalyzer
FortiAnalyzer-BigData
FortiManager