=====================================================================

                                 CERT-Renater

                       Note d'Information No. 2023/VULN399

_____________________________________________________________________

DATE                : 12/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiManager or FortiAnalyzer
                     versions prior to 7.4.1, 7.2.4, 7.0.9, 6.4.13, 6.2.12.

=====================================================================
https://fortiguard.fortinet.com/psirt/FG-IR-23-189
https://fortiguard.fortinet.com/psirt/FG-IR-23-202
_____________________________________________________________________

FortiManager & FortiAnalyzer - Path traversal via unrestricted file upload

IR Number    : FG-IR-23-189
Date         : Oct 10, 2023
Severity     : High
CVSSv3 Score : 8.6
Impact       : Execute unauthorized code or commands
CVE ID       : CVE-2023-42791
Affected Products:
FortiManager: 7.4.0, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6,
     7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.12, 6.4.11, 6.4.10,
     6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1,
     6.2.11, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3,
     6.2.2, 6.2.1, 6.2.0

FortiAnalyzer: 7.4.1, 7.4.0, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7,
     7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.12, 6.4.11,
     6.4.10, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2,
     6.4.1, 6.4.0, 6.2.11, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5,
     6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Summary

A relative path traversal [CWE-23] vulnerability in FortiManager and
FortiAnalyzer may allow a remote attacker with low privileges to
execute unauthorized code via crafted HTTP requests.

Version            Affected               Solution
FortiManager 7.4   7.4.0                  Upgrade to 7.4.1 or above
FortiManager 7.2   7.2.0 through 7.2.3    Upgrade to 7.2.4 or above
FortiManager 7.0   7.0.0 through 7.0.8    Upgrade to 7.0.9 or above
FortiManager 6.4   6.4.1 through 6.4.12   Upgrade to 6.4.13 or above
FortiManager 6.2   6.2.0 through 6.2.11   Upgrade to 6.2.12 or above
FortiAnalyzer 7.4  7.4.0 through 7.4.1    Upgrade to 7.4.1 or above
FortiAnalyzer 7.2  7.2.0 through 7.2.3    Upgrade to 7.2.4 or above
FortiAnalyzer 7.0  7.0.0 through 7.0.8    Upgrade to 7.0.9 or above
FortiAnalyzer 6.4  6.4.0 through 6.4.12   Upgrade to 6.4.13 or above
FortiAnalyzer 6.2  6.2.0 through 6.2.11   Upgrade to 6.2.12 or above


Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool


Acknowledgement

Fortinet is pleased to thank security researchers Paul BARBE and
Antoine CARRINCAZEAUX from Synacktiv ( https://www.synacktiv.com)
for discovering and reporting this vulnerability under responsible
disclosure.


Timeline

2023-10-10: Initial publication

_____________________________________________________________________

FortiManager & FortiAnalyzer - Arbitrary file deletion

IR Number    : FG-IR-23-169
Date         : Oct 10, 2023
Severity     : Medium
CVSSv3 Score : 6.9
Impact       : Execute unauthorized code or commands
CVE ID       : CVE-2023-41838
Affected Products:
FortiAnalyzer: 7.4.0, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6,
     7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.12, 6.4.11, 6.4.10,
     6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1,
     6.4.0, 6.2.11, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4,
     6.2.3, 6.2.2, 6.2.1, 6.2.0

FortiManager: 7.4.0, 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6,
     7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.12, 6.4.11, 6.4.10,
     6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1,
     6.4.0, 6.2.11, 6.2.10, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4,
     6.2.3, 6.2.2, 6.2.1, 6.2.0


Summary

An improper neutralization of special elements used in an OS Command
[CWE-22] in FortiManager and FortiAnalyzer may allow a low-privileged
authenticated attacker to delete arbitrary files via the CLI.
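The two summaries above describe the same defensive gap from two sides: a client-supplied name that is joined onto a filesystem path without containment (the relative path traversal in FG-IR-23-189) and a name that reaches an OS command without neutralization (the arbitrary file deletion in FG-IR-23-169). The following is an added example, not Fortinet's code and not derived from either product; it shows the generic defence for both in one place. The base directory, the file names, the symlink scenario and the `rm` invocation are all constructed for the demonstration.

```python
"""Added example (not Fortinet's code). A client-supplied name is
(1) contained inside a fixed base directory, the defence against relative
path traversal, and (2) passed to the OS command as a single argv element
instead of being interpolated into a shell string, the defence against
special characters reaching a command interpreter. All paths and names
below are constructed for the demo."""
import shlex
import subprocess
import tempfile
from pathlib import Path, PurePosixPath


class PathTraversalError(ValueError):
    """Raised when a supplied name would escape the base directory."""


def contained_path(base_dir: str, name: str) -> Path:
    """Return base_dir/name only if the result provably stays inside base_dir.

    Two independent checks, so a gap in one is covered by the other:
      1. syntactic: the name must be a non-empty relative POSIX path whose
         components are plain names (no '.', '..', backslashes or NUL);
      2. semantic: after resolving symlinks and '..', the canonical result
         must still be a descendant of the canonical base directory.
    """
    base = Path(base_dir).resolve()
    if not name or "\x00" in name or "\\" in name:
        raise PathTraversalError(f"malformed name: {name!r}")
    rel = PurePosixPath(name)
    if rel.is_absolute() or not rel.parts or any(p in (".", "..") for p in rel.parts):
        raise PathTraversalError(f"traversal component in name: {name!r}")
    candidate = (base / rel).resolve()
    try:
        # relative_to() compares whole path components, so a sibling such as
        # /srv/uploads_private is not mistaken for a child of /srv/uploads the
        # way a plain str.startswith() check would be.
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"name escapes base directory: {name!r}") from None
    return candidate


def verdict(base_dir: str, name: str) -> str:
    """'accepted' or 'rejected' for a name, for the demo and the test."""
    try:
        contained_path(base_dir, name)
        return "accepted"
    except PathTraversalError:
        return "rejected"


def naive_delete_command(base_dir: str, name: str) -> str:
    """The weak pattern: the name is interpolated into a string that a shell
    will tokenise, so spaces and shell metacharacters in the name change the
    command's meaning. Returned, never executed, here."""
    return f"rm -f {base_dir}/{name}"


def delete_argv(base_dir: str, name: str) -> list:
    """Hardened form: contain the name first, then build an argv list. No
    shell parses the list, and '--' stops rm from reading a leading '-' in
    the name as an option."""
    return ["rm", "-f", "--", str(contained_path(base_dir, name))]


def safe_delete(base_dir: str, name: str) -> Path:
    """Delete base_dir/name via the OS command, with shell=False."""
    argv = delete_argv(base_dir, name)
    subprocess.run(argv, check=True)
    return Path(argv[-1])


def demo() -> dict:
    """Constructed scenario in a throwaway temp dir: an 'uploads' directory,
    a sibling 'outside' directory holding a file that must survive, and a
    symlink inside 'uploads' that points at 'outside' (the case the
    syntactic filter alone cannot see)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp, "uploads")
        outside = Path(tmp, "outside")
        base.mkdir()
        outside.mkdir()
        (outside / "keep.txt").write_text("must survive")
        (base / "old.log").write_text("deletable")
        (base / "link").symlink_to(outside, target_is_directory=True)
        results = {
            "plain": verdict(str(base), "old.log"),
            "dotdot": verdict(str(base), "../outside/keep.txt"),
            "symlink": verdict(str(base), "link/keep.txt"),
        }
        safe_delete(str(base), "old.log")
        results["old_log_removed"] = not (base / "old.log").exists()
        for name in ("../outside/keep.txt", "link/keep.txt"):
            try:
                safe_delete(str(base), name)
            except PathTraversalError:
                pass
        results["keep_txt_survives"] = (outside / "keep.txt").exists()
    return results


if __name__ == "__main__":
    print(demo())
    # A name with a space: the shell string grows an extra operand, the argv
    # form keeps the whole name as one element.
    print(shlex.split(naive_delete_command("/srv/uploads", "a.log b.log")))
    print(delete_argv("/srv/uploads", "a.log b.log"))
```

`contained_path` deliberately keeps the syntactic and semantic checks separate: the first rejects anything that looks like a path before it is joined, the second catches what only the filesystem can reveal (a symlink that leaves the directory). `delete_argv` then never hands the name to a shell at all; if a shell were unavoidable, `shlex.quote` on each operand is the fallback, but an argv list with `shell=False` is the form to prefer.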


Version            Affected               Solution
FortiAnalyzer 7.4  7.4.0                  Upgrade to 7.4.1 or above
FortiAnalyzer 7.2  7.2.0 through 7.2.3    Upgrade to 7.2.4 or above
FortiAnalyzer 7.0  7.0.0 through 7.0.8    Upgrade to 7.0.9 or above
FortiAnalyzer 6.4  6.4.0 through 6.4.12   Upgrade to 6.4.13 or above
FortiAnalyzer 6.2  6.2.0 through 6.2.11   Upgrade to 6.2.12 or above
FortiManager 7.4   7.4.0                  Upgrade to 7.4.1 or above
FortiManager 7.2   7.2.0 through 7.2.3    Upgrade to 7.2.4 or above
FortiManager 7.0   7.0.0 through 7.0.8    Upgrade to 7.0.9 or above
FortiManager 6.4   6.4.0 through 6.4.12   Upgrade to 6.4.13 or above
FortiManager 6.2   6.2.0 through 6.2.11   Upgrade to 6.2.12 or above

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool


Acknowledgement

Internally discovered and reported by Adham El karn of Fortinet
Product Security team.


Timeline

2023-10-02: Initial publication

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
