PT-2025-14468 · Fortinet · FortiSIEM
Published 2023-10-11 · Updated 2025-07-15 · CVE-2023-40714
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSIEM versions 6.5.0 through 6.5.1, 6.6.0 through 6.6.3, 6.7.0 through 6.7.2, 7.0.0
Description
A relative path traversal issue allows an attacker to escalate privileges by uploading certain GUI elements. This issue can be exploited to gain super-admin privileges.
Recommendations
For versions 6.5.0 through 6.5.1, update to version 6.5.2 or later.
For versions 6.6.0 through 6.6.3, update to version 6.6.4 or later.
For versions 6.7.0 through 6.7.2, update to version 6.7.4 or later.
For version 7.0.0, update to version 7.0.1 or later.
As a temporary workaround, consider restricting access to the GUI elements that can be uploaded to minimize the risk of exploitation.
Fix
LPE
Relative Path Traversal
Affected Products
FortiSIEM