Executive Risk Summary
"A path traversal vulnerability in Fortinet FortiManager and other products may allow a remote authenticated attacker to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder, potentially leading to data integrity issues. This vulnerability affects multiple Fortinet products, including FortiManager, FortiOS, and FortiProxy, and requires immediate attention to prevent potential attacks."
Operational Audit Arsenal
Manual Verification Required
This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.
Patch Impact Forecast
Moderate
Internal Work Notes
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Scope of Impact
Original NVD Description
"A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder"