Fortinet Products Path Traversal Vulnerability Allowing Arbitrary File Write or Delete

Vulnerability

A path traversal vulnerability has been identified in multiple Fortinet products, including FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager. This vulnerability allows an authenticated attacker with admin rights and read-write permissions to write or delete arbitrary files by using specific command-line interface (CLI) commands.

Affected versions:

- FortiOS: 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions, and 6.4 all versions
- FortiPAM: 1.7.0, 1.6 all versions, 1.5 all versions, 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, and 1.0 all versions
- FortiProxy: 7.6.0 through 7.6.4, 7.4.0 through 7.4.11, 7.2 all versions, and 7.0 all versions
- FortiSwitchManager: 7.2.0 through 7.2.7 and 7.0.0 through 7.0.6

Impact

Exploitation of this vulnerability could lead to unauthorized file manipulation, allowing for the writing or deletion of arbitrary files on the system.

Remediation

Users can upgrade Fortinet FortiOS to version 7.6.5 or 7.4.10, FortiPAM to version 1.7.1, FortiProxy to version 7.6.5 or 7.4.12, and FortiSwitchManager to version 7.2.8 or 7.0.7. For FortiPAM versions 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, and 1.0, users should migrate to a fixed release. A virtual patch named 'FG-VD-59270.0day.' is available in FMWP db update 25.120.
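The following is an added example, not part of the original advisory or of any Fortinet tooling: a Python triage of a device inventory against the affected ranges and fixed releases listed above. The host names and version strings in INVENTORY are constructed, and versions are compared numerically so that 7.4.10 is treated as later than 7.4.9.

```python
import re

ALL = None  # marker: every patch level of the branch is affected

# Ranges and fixes transcribed from the advisory text above.
# branch -> (lowest affected patch, highest affected patch or ALL, action or None)
ADVISORY = {
    "FortiOS": {"7.6": (0, 4, "upgrade to 7.6.5"), "7.4": (0, 9, "upgrade to 7.4.10"),
                "7.2": (0, ALL, None), "7.0": (0, ALL, None), "6.4": (0, ALL, None)},
    "FortiPAM": {"1.7": (0, 0, "upgrade to 1.7.1"),
                 **{f"1.{m}": (0, ALL, "migrate to a fixed release") for m in range(7)}},
    "FortiProxy": {"7.6": (0, 4, "upgrade to 7.6.5"), "7.4": (0, 11, "upgrade to 7.4.12"),
                   "7.2": (0, ALL, None), "7.0": (0, ALL, None)},
    "FortiSwitchManager": {"7.2": (0, 7, "upgrade to 7.2.8"),
                           "7.0": (0, 6, "upgrade to 7.0.7")},
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def triage(product, version):
    """Return (status, action) for one device; patch levels compare as integers."""
    m = VERSION_RE.search(version)
    if product not in ADVISORY or not m:
        return ("unknown", "check product name and version by hand")
    major, minor, patch = map(int, m.groups())
    entry = ADVISORY[product].get(f"{major}.{minor}")
    if entry is None:  # branch is not mentioned in the advisory at all
        return ("not listed", None)
    low, high, action = entry
    if patch >= low and (high is ALL or patch <= high):
        return ("affected", action or "no fixed release named for this branch")
    return ("not affected", None)

# Constructed sample inventory: (host, product, version string as reported).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.4.9 build2829"),
    ("fw-edge-02", "FortiOS", "7.4.10"),
    ("fw-lab-01", "FortiOS", "7.2.11"),
    ("pam-01", "FortiPAM", "1.6.0"),
    ("proxy-01", "FortiProxy", "7.4.12"),
    ("fsm-01", "FortiSwitchManager", "7.0.6"),
]

def report(inventory):
    """Attach the triage result to each inventory row."""
    return [(host, *triage(product, version)) for host, product, version in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(row)
```

A "not listed" result means the branch does not appear in this advisory, not that it has been confirmed safe.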

Added: Apr 14, 2026, 6:06 PM
Updated: Apr 14, 2026, 6:06 PM

Vulnerability Rating

Custom Algorithm

- spread: 6.8
- impact: 2.5
- exploitability: 3.0
- remediation: 7.7
- relevance: 5.9
- threat: 0.0
- urgency: 2.9
- incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.