Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-25606: Fortiguard

An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

CVE
Open in Source
#vulnerability#web#auth

** PSIRT Advisories**

FortiAnalyzer & FortiManager - Path traversal in history downloadzip

Summary

An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

Affected Products

FortiManager version 7.2.0 through 7.2.1
FortiManager version 7.0.0 through 7.0.5
FortiManager version 6.4 all versions
FortiAnalyzer version 7.2.0 through 7.2.1
FortiAnalyzer version 7.0.0 through 7.0.5
FortiAnalyzer version 6.4 all versions

Solutions

Please upgrade to FortiManager version 7.2.2 or above
Please upgrade to FortiManager version 7.0.7 or above
Please upgrade to FortiManager version 6.4.12 or above
Please upgrade to FortiAnalyzer version 7.2.2 or above
Please upgrade to FortiAnalyzer version 7.0.7 or above
Please upgrade to FortiAnalyzer version 6.4.12 or above

Timeline

2023-06-19: Initial publication

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE