PT-2024-8518 · Fortinet · FortiAnalyzer, FortiAnalyzer-BigData, FortiManager

Published: 2024-11-12 · Updated: 2025-01-21 · CVE-2024-32116

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiManager versions 7.4.0 through 7.4.2 and prior to 7.2.5
FortiAnalyzer versions 7.4.0 through 7.4.2 and prior to 7.2.5
FortiAnalyzer-BigData versions 7.4.0 and prior to 7.2.7
Description

The vulnerability stems from improper handling of relative directory paths in the Command Line Interface (CLI) of Fortinet FortiManager, FortiAnalyzer and FortiAnalyzer-BigData. It allows a remote attacker to delete arbitrary files in the file system by sending specially crafted requests. Exploitation requires a privileged attacker, who can delete files from the underlying filesystem via crafted CLI requests; the CVSS vector reflects this (local access, high privileges, impact on integrity and availability only).
Recommendations

For FortiManager versions 7.4.0 through 7.4.2 and prior to 7.2.5, update to a version that includes the fix for this issue.
For FortiAnalyzer versions 7.4.0 through 7.4.2 and prior to 7.2.5, update to a version that includes the fix for this issue.
For FortiAnalyzer-BigData versions 7.4.0 and prior to 7.2.7, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the CLI interface to minimize the risk of exploitation.

Fix

Weakness Enumeration

Path traversal
Relative Path Traversal

Related Identifiers

BDU:2024-10078
CVE-2024-32116

Affected Products

FortiAnalyzer
FortiAnalyzer-BigData
FortiManager