=====================================================================
CERT-Renater Note d'Information No. 2023/VULN474
_____________________________________________________________________
DATE                 : 16/11/2023
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running FortiWAN versions 5.2.0 through 5.2.1,
                       5.1.1 through 5.1.2.
=====================================================================
https://fortiguard.fortinet.com/psirt/FG-IR-23-061
https://fortiguard.fortinet.com/psirt/FG-IR-23-265
_____________________________________________________________________
IR Number          FG-IR-23-061
Date               Nov 14, 2023
Severity           High
CVSSv3 Score       8.6
Impact             Improper access control
CVE ID             CVE-2023-44252
Affected Products  FortiWAN : 5.2.1, 5.2.0, 5.1.2, 5.1.1

FortiWAN - Guessable static JSON web token secret

Summary
*PRODUCT OUT OF SUPPORT*
An improper authentication vulnerability [CWE-287] in FortiWAN may allow an authenticated attacker to escalate their privileges via HTTP or HTTPS requests carrying crafted JWT token values.

Affected Products
FortiWAN version 5.2.0 through 5.2.1
FortiWAN version 5.1.1 through 5.1.2

Solutions
This product is end of life and no longer supported. Please consider replacing it with an equivalent FortiGate appliance as appropriate.

Acknowledgement
Fortinet is pleased to thank Idan Cohen from Cyberillium for bringing this issue to our attention under responsible disclosure.
Timeline
2023-11-13: Initial publication
_____________________________________________________________________
IR Number          FG-IR-23-265
Date               Nov 14, 2023
Severity           High
CVSSv3 Score       8.1
Impact             Execute unauthorized code or commands
CVE ID             CVE-2023-44251
Affected Products  FortiWAN : 5.2.1, 5.2.0, 5.1.2, 5.1.1

FortiWAN - Path traversal vulnerability

Summary
*PRODUCT OUT OF SUPPORT*
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiWAN may allow an authenticated attacker to read and delete arbitrary files on the system via crafted HTTP or HTTPS requests.

Affected Products
FortiWAN version 5.2.0 through 5.2.1
FortiWAN version 5.1.1 through 5.1.2

Solutions
This product is end of life and no longer supported. Please consider replacing it with an equivalent FortiGate appliance as appropriate.

Acknowledgement
Fortinet is pleased to thank Idan Cohen from Cyberillium for bringing this issue to our attention under responsible disclosure.

Timeline
2023-11-02: Initial publication
=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44               +
+ 23/25 Rue Daviel   | fax : 01-53-94-20-41               +
+ 75013 Paris        | email : cert@support.renater.fr    +
=========================================================
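Added example for the weakness class in FG-IR-23-061 (a guessable static JWT signing secret, CWE-287). This is generic illustration code written for this note, not FortiWAN code, and it models nothing about how FortiWAN issues or checks tokens. The secret values, the claim names (sub, role) and the candidate wordlist are constructed for the demo. It shows why a static, guessable HMAC secret is equivalent to no signature at all: an authenticated user recovers the secret offline from their own low-privilege token and re-signs it with an elevated claim, while the same attack fails against a per-deployment random key.

```python
"""Forging an HS256 JWT when the server signs with a guessable static secret.

Constructed demo for the CWE-287 class in FG-IR-23-061; not FortiWAN code.
Only the standard library is used so the example runs offline.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint a compact HS256 JWT: base64url(header).base64url(payload).base64url(sig)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the HMAC matches under `secret`, otherwise None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(payload))


def recover_secret(token: str, wordlist: list) -> Optional[bytes]:
    """Offline guessing: the attacker needs only a captured token, no server round trips."""
    for candidate in wordlist:
        if verify_hs256(token, candidate) is not None:
            return candidate
    return None


def escalate(captured_token: str, wordlist: list) -> Optional[str]:
    """Attacker side: recover the static secret, then re-sign the same token with role=admin."""
    secret = recover_secret(captured_token, wordlist)
    if secret is None:
        return None
    claims = verify_hs256(captured_token, secret)
    claims["role"] = "admin"          # crafted claim; the server has no way to tell
    return sign_hs256(claims, secret)


# Constructed values for the demo.
WEAK_SECRET = b"secret"                       # static, guessable: the bug class
STRONG_SECRET = secrets.token_bytes(32)       # hardened: random 256-bit key per deployment
WORDLIST = [b"password", b"jwt", b"secret", b"changeme"]


def demo() -> dict:
    """Run the forgery against a weak-secret token and a strong-secret token."""
    low_priv = {"sub": "alice", "role": "user"}

    weak_token = sign_hs256(low_priv, WEAK_SECRET)
    forged = escalate(weak_token, WORDLIST)
    forged_role = verify_hs256(forged, WEAK_SECRET)["role"] if forged else None

    strong_token = sign_hs256(low_priv, STRONG_SECRET)
    strong_attempt = escalate(strong_token, WORDLIST)   # wordlist cannot hit a random key

    return {"weak_forged_role": forged_role, "strong_forged": strong_attempt}


if __name__ == "__main__":
    print(demo())
```

The defence is not a longer wordlist check but the key itself: generate the HMAC secret from a CSPRNG at install time, never ship one baked into firmware, and treat any token that verifies under a guessable secret as forgeable by every user who holds a token.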
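Added example for the weakness class in FG-IR-23-265 (path traversal, CWE-22, leading to arbitrary file read and delete). This is generic illustration code written for this note, not FortiWAN code; the handler names (read_export, delete_export), the directory layout and the file contents are constructed for the demo. It places a naive join beside a confinement check that resolves the final path and requires the base directory to be one of its parents, which also rejects absolute paths and the sibling-directory prefix bug ("exports" vs "exports2").

```python
"""Path traversal in a file read/delete handler: naive join vs. confined resolution.

Constructed demo for the CWE-22 class in FG-IR-23-265; not FortiWAN code.
"""
import os
import tempfile
from pathlib import Path


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    # Naive join: "../" segments walk out of base_dir, and an absolute
    # user_path replaces base_dir entirely (os.path.join semantics).
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir: str, user_path: str) -> Path:
    """Resolve the request and refuse anything that is not strictly inside base_dir."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()   # collapses "..", follows symlinks
    # Parent check, not a string prefix check: "/srv/exports2/x" must not pass for "/srv/exports".
    if base not in target.parents:
        raise PermissionError(f"path escapes {base}: {user_path!r}")
    return target


def is_confined(base_dir: str, user_path: str) -> bool:
    """Convenience predicate for testing the policy without touching the filesystem."""
    try:
        safe_resolve(base_dir, user_path)
        return True
    except PermissionError:
        return False


def read_export(base_dir: str, name: str, resolver) -> bytes:
    with open(resolver(base_dir, name), "rb") as f:
        return f.read()


def delete_export(base_dir: str, name: str, resolver) -> None:
    os.remove(resolver(base_dir, name))


def demo() -> dict:
    """Build a throwaway tree, then exercise both resolvers with a traversal payload."""
    with tempfile.TemporaryDirectory() as root:
        exports = Path(root) / "exports"
        exports.mkdir()
        (exports / "report.txt").write_bytes(b"ok")
        outside = Path(root) / "config.db"          # file the handler must never reach
        outside.write_bytes(b"SECRET")
        payload = "../config.db"

        leaked = read_export(str(exports), payload, vulnerable_resolve)

        try:
            read_export(str(exports), payload, safe_resolve)
            blocked_read = False
        except PermissionError:
            blocked_read = True
        try:
            delete_export(str(exports), payload, safe_resolve)
            blocked_delete = False
        except PermissionError:
            blocked_delete = True

        legit = read_export(str(exports), "report.txt", safe_resolve)
        delete_export(str(exports), payload, vulnerable_resolve)   # the delete half of the bug
        return {
            "leaked": leaked,
            "blocked_read": blocked_read,
            "blocked_delete": blocked_delete,
            "legit": legit,
            "outside_deleted": not outside.exists(),
        }


if __name__ == "__main__":
    print(demo())
```

Resolving before the check matters: a check on the raw string misses encoded or normalised forms, and a check on the joined but unresolved path misses symlinks that point out of the base directory.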