=====================================================================
CERT-Renater Information Note No. 2025/VULN022
_____________________________________________________________________
DATE : 21/01/2025
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running FortiManager versions prior to 7.6.2, 7.4.4; FortiManager Cloud versions prior to 7.4.4; FortiOS versions prior to 7.4.5, 7.2.10, 7.0.16; FortiProxy versions prior to 7.4.6, 7.2.12, 7.0.19; FortiRecorder versions prior to 7.2.2, 7.0.5; FortiVoice versions prior to 7.0.5, 6.4.10; FortiWeb versions prior to 7.4.5.
=====================================================================
https://www.fortiguard.com/psirt/FG-IR-24-259
_____________________________________________________________________

Path traversal in csfd daemon

Summary

An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiManager, FortiOS, FortiProxy, FortiRecorder, FortiVoice and FortiWeb may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files, and a remote unauthenticated attacker with the same network access to delete an arbitrary folder.
Affected products

Version                  Affected                 Solution
FortiManager 7.6         7.6.0 through 7.6.1      Upgrade to 7.6.2 or above
FortiManager 7.4         7.4.1 through 7.4.3      Upgrade to 7.4.4 or above
FortiManager 7.2         Not affected             Not Applicable
FortiManager 7.0         Not affected             Not Applicable
FortiManager Cloud 7.4   7.4.1 through 7.4.3      Upgrade to 7.4.4 or above
FortiOS 7.6              7.6.0                    Upgrade to 7.6.1 or above
FortiOS 7.4              7.4.0 through 7.4.4      Upgrade to 7.4.5 or above
FortiOS 7.2              7.2.0 through 7.2.9      Upgrade to 7.2.10 or above
FortiOS 7.0              7.0.0 through 7.0.15     Upgrade to 7.0.16 or above
FortiOS 6.4              6.4 all versions         Migrate to a fixed release
FortiProxy 7.6           Not affected             Not Applicable
FortiProxy 7.4           7.4.0 through 7.4.5      Upgrade to 7.4.6 or above
FortiProxy 7.2           7.2.0 through 7.2.11     Upgrade to 7.2.12 or above
FortiProxy 7.0           7.0.0 through 7.0.18     Upgrade to 7.0.19 or above
FortiProxy 2.0           2.0 all versions         Migrate to a fixed release
FortiProxy 1.2           1.2 all versions         Migrate to a fixed release
FortiProxy 1.1           1.1 all versions         Migrate to a fixed release
FortiProxy 1.0           1.0 all versions         Migrate to a fixed release
FortiRecorder 7.2        7.2.0 through 7.2.1      Upgrade to 7.2.2 or above
FortiRecorder 7.0        7.0.0 through 7.0.4      Upgrade to 7.0.5 or above
FortiRecorder 6.4        Not affected             Not Applicable
FortiVoice 7.2           Not affected             Not Applicable
FortiVoice 7.0           7.0.0 through 7.0.4      Upgrade to 7.0.5 or above
FortiVoice 6.4           6.4.0 through 6.4.9      Upgrade to 6.4.10 or above
FortiVoice 6.0           6.0 all versions         Migrate to a fixed release
FortiWeb 7.6             7.6.0                    Upgrade to 7.6.1 or above
FortiWeb 7.4             7.4.0 through 7.4.4      Upgrade to 7.4.5 or above
FortiWeb 7.2             7.2 all versions         Migrate to a fixed release
FortiWeb 7.0             7.0 all versions         Migrate to a fixed release
FortiWeb 6.4             6.4 all versions         Migrate to a fixed release

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Fortinet remediated this issue in FortiSASE version 24.3.c in Q4/24; FortiSASE customers therefore need not take any action.
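To triage a device inventory against the table above, the following is an added example (not part of the CERT-Renater or Fortinet advisory). It encodes only the FortiManager and FortiOS rows; the other products follow the same pattern. The hostnames and versions in the sample inventory are constructed.

```python
# Added example: check Fortinet devices against the FG-IR-24-259 table.
# Rows: (product, branch, first affected, last affected, fixed release).
# last == None means the whole branch is affected (no fixed release in it).
# Only the FortiManager and FortiOS rows of the advisory are encoded here.
AFFECTED = [
    ("FortiManager", "7.6", "7.6.0", "7.6.1", "7.6.2"),
    ("FortiManager", "7.4", "7.4.1", "7.4.3", "7.4.4"),
    ("FortiOS", "7.6", "7.6.0", "7.6.0", "7.6.1"),
    ("FortiOS", "7.4", "7.4.0", "7.4.4", "7.4.5"),
    ("FortiOS", "7.2", "7.2.0", "7.2.9", "7.2.10"),
    ("FortiOS", "7.0", "7.0.0", "7.0.15", "7.0.16"),
    ("FortiOS", "6.4", "6.4.0", None, None),
]


def parse_version(version: str) -> tuple:
    """Turn '7.4.3' into (7, 4, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def check(product: str, version: str) -> str:
    """Return the advisory's verdict for one product/version pair."""
    ver = parse_version(version)
    branch = ".".join(version.split(".")[:2])
    for prod, br, first, last, fixed in AFFECTED:
        if prod != product or br != branch:
            continue
        if last is None:
            return "affected: migrate to a fixed release"
        if parse_version(first) <= ver <= parse_version(last):
            return f"affected: upgrade to {fixed} or above"
        # Inside a listed branch but outside the affected range.
        return "not affected"
    return "branch not in the encoded rows: check the full table"


def triage(inventory: list) -> list:
    """Map (host, product, version) entries to (host, verdict)."""
    return [(host, check(product, version)) for host, product, version in inventory]


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = [
        ("fw-edge-01", "FortiOS", "7.4.3"),
        ("fw-edge-02", "FortiOS", "7.2.10"),
        ("fw-legacy", "FortiOS", "6.4.15"),
        ("fmg-01", "FortiManager", "7.4.0"),
    ]
    for host, verdict in triage(sample):
        print(f"{host}: {verdict}")
```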
Workaround

Disable the security fabric:

    config system csf
        set status disable
    end

or remove fabric from the interface's allowed access list under config system interface:

    config system interface
        edit "portX"
            set allowaccess ssh https
        next
    end

Acknowledgement

Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security Team.

Timeline

2025-01-14: Initial publication
2025-01-16: Added workarounds

IR Number      : FG-IR-24-259
Published Date : Jan 14, 2025
Updated Date   : Jan 16, 2025
Component      : OTHERS
Severity       : High
CVSSv3 Score   : 7.1
Impact         : Escalation of privilege
CVE ID         : CVE-2024-48884, CVE-2024-48885

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr  +
=========================================================