
====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN249
_____________________________________________________________________

DATE                : 28/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiWAN versions prior to 4.5.8 or 5.1.1.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-21-048
_____________________________________________________________________

Authentication bypass in FortiWAN


Summary

A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a
remote non-authenticated attacker to delete files on the system by
sending a crafted POST request. In particular, deleting specific
configuration files will reset the Admin password to its default value.
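To illustrate the CWE-23 weakness described above, the following added example (not Fortinet's code; the directory layout, file names and handler functions are constructed for the demonstration) shows a file-deletion handler that joins a request-supplied relative path without validation, beside a hardened version that resolves the path and refuses anything that escapes the configuration directory:

```python
import os
import tempfile
from pathlib import Path


def resolve_under_root(root, user_path):
    """Return the resolved path only if it stays inside root, else None.

    resolve() collapses '..' segments and follows symlinks, so the
    containment check is done on the final filesystem location.
    """
    root = Path(root).resolve()
    candidate = (root / user_path).resolve()   # absolute user_path replaces root
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def delete_config_file_unsafe(root, user_path):
    """Vulnerable pattern: joins the request value and deletes whatever results."""
    target = os.path.join(str(root), user_path)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False


def delete_config_file_safe(root, user_path):
    """Hardened pattern: delete only paths that resolve under the config root."""
    target = resolve_under_root(root, user_path)
    if target is None or not target.is_file():
        return False
    target.unlink()
    return True


def demo():
    """Exercise both handlers on a constructed tree; returns the observed outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "config"                       # hypothetical config dir
        root.mkdir()
        (root / "admin.conf").write_text("sample admin settings\n")   # constructed
        outside = Path(tmp) / "protected.txt"             # file outside the root
        outside.write_text("must not be deleted\n")
        unsafe_deleted = delete_config_file_unsafe(root, "../protected.txt")
        survived_unsafe = outside.exists()
        outside.write_text("must not be deleted\n")       # restore for second run
        safe_deleted = delete_config_file_safe(root, "../protected.txt")
        survived_safe = outside.exists()
        in_scope = delete_config_file_safe(root, "admin.conf")
        return (unsafe_deleted, survived_unsafe, safe_deleted, survived_safe, in_scope)
```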


Impact
Authentication bypass


Affected Products
FortiWAN versions 4.5.7 and below.


Solutions

Please upgrade to FortiWAN version 4.5.8 (upcoming) or above, or to
FortiWAN version 5.1.1 or above. Workaround: instead of allowing
administrative access from any source, restrict it to trusted internal
hosts.


Acknowledgement
Fortinet is pleased to thank a customer who brought this issue to our
attention.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


