Plattform
fortinet
Komponente
fortimanager-fortianalyzer
Behoben in
7.4.4
7.2.6
7.0.13
6.2.14
7.4.4
7.2.6
7.0.13
6.2.14
CVE-2024-36512 describes a path traversal vulnerability discovered in Fortinet FortiManager and FortiAnalyzer. This flaw allows an attacker to potentially execute unauthorized code or commands through specially crafted HTTP or HTTPS requests. The vulnerability affects versions 6.2.10 through 7.4.3 of FortiManager and FortiAnalyzer, and a fix is available in version 7.4.4.
The path traversal vulnerability allows an attacker to bypass access controls and read or write files outside of the intended directory. Successful exploitation could lead to arbitrary code execution on the affected system, granting the attacker significant control. This could involve gaining access to sensitive configuration data, user credentials, or even installing malware. The potential blast radius is substantial, as compromised FortiManager/FortiAnalyzer instances often manage and monitor network security devices, potentially enabling attackers to pivot to other systems within the network. Similar path traversal vulnerabilities have historically been exploited to gain system-level access.
CVE-2024-36512 was publicly disclosed on January 14, 2025. As of this date, no public proof-of-concept exploits are widely available, but the vulnerability’s ease of exploitation suggests a medium probability of exploitation (EPSS score likely medium). It is not currently listed on the CISA KEV catalog. Monitor threat intelligence feeds for any indications of active exploitation campaigns targeting FortiManager and FortiAnalyzer.
Organizations heavily reliant on Fortinet FortiManager and FortiAnalyzer for network management and security are at significant risk. This includes managed service providers (MSPs) managing multiple client networks, and organizations with legacy Fortinet deployments running vulnerable versions. Shared hosting environments where multiple tenants share a FortiManager/FortiAnalyzer instance are particularly vulnerable.
• fortinet: Check FortiManager/FortiAnalyzer version.
# Check version via CLI
show system status• fortinet: Monitor access logs for suspicious requests containing path traversal sequences (e.g., ../../).
# Example grep pattern for access logs
grep '../..' /var/log/fortimanager/www.log• fortinet: Review firewall rules to ensure proper access restrictions to management interfaces. • generic web: Use curl to test for path traversal vulnerabilities.
curl 'http://<fortimanager_ip>/../../../../etc/passwd' #Example - adjust URLdisclosure
Exploit-Status
EPSS
0.64% (70% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-36512 is to upgrade FortiManager and FortiAnalyzer to version 7.4.4 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting network access to the management interfaces of FortiManager and FortiAnalyzer using a Web Application Firewall (WAF) or proxy server. Configure the WAF/proxy to block requests containing suspicious path traversal patterns (e.g., '../'). Regularly review firewall rules and access logs for any signs of attempted exploitation. After upgrading, verify the fix by attempting to access files outside the intended directory via HTTP/HTTPS requests; access should be denied.
Actualice FortiManager y FortiAnalyzer a la última versión disponible. Consulte el advisory de Fortinet (FG-IR-24-152) para obtener información específica sobre las versiones corregidas y las instrucciones de actualización.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-36512 is a Path Traversal vulnerability affecting Fortinet FortiManager and FortiAnalyzer versions 6.2.10–7.4.3, allowing attackers to potentially execute unauthorized code.
You are affected if you are running FortiManager or FortiAnalyzer versions 6.2.10 through 7.4.3. Check your version and upgrade immediately.
Upgrade to FortiManager/FortiAnalyzer version 7.4.4 or later. As a temporary workaround, restrict network access using a WAF or proxy.
While no public exploits are currently known, the vulnerability's nature suggests a potential for rapid exploitation if a proof-of-concept is released.
Refer to the official Fortinet security advisory for detailed information and mitigation steps: [https://fortinet.com/security/advisory/psirt24-002]
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.