Une limitation incorrecte d'un chemin d'accès à un répertoire restreint ('path traversal') dans Fortinet FortiManager, FortiAnalyzer 7.4.0 à 7.4.3 et 7.2.0 à 7.2.5 et 7.0.2 à 7.0.12 et 6.2.1 à 6.2.13 permet à un attaquant d'exécuter du code ou des commandes non autorisés via des requêtes HTTP ou HTTPS spécialement conçues.

The path traversal vulnerability allows an attacker to bypass security controls and access files or directories outside of the intended scope. Successful exploitation could lead to the execution of arbitrary code on the affected system, potentially granting the attacker full control. This could involve reading sensitive configuration files, modifying system settings, or even installing malware. The blast radius extends to any data stored on the FortiManager or FortiAnalyzer, including network configurations, logs, and user credentials. Given the central role of these devices in network management, a successful attack could have widespread consequences.

Organizations heavily reliant on Fortinet FortiManager and FortiAnalyzer for network management and security are at significant risk. This includes managed service providers (MSPs) managing multiple client networks, and organizations with legacy Fortinet deployments running vulnerable versions. Shared hosting environments where multiple tenants share a FortiManager/FortiAnalyzer instance are particularly vulnerable.

• fortinet: Check FortiManager/FortiAnalyzer version.

# Check version via CLI
show system status

• fortinet: Monitor access logs for suspicious requests containing path traversal sequences (e.g., ../../).

# Example grep pattern for access logs
grep '../..' /var/log/fortimanager/www.log

• fortinet: Review firewall rules to ensure proper access restrictions to management interfaces. • generic web: Use curl to test for path traversal vulnerabilities.

curl 'http://<fortimanager_ip>/../../../../etc/passwd' #Example - adjust URL

1. 2025-01-14Disclosure

   disclosure

1. Réservé2024-05-29
2. Publiée2025-01-14
3. EPSS mis à jour2026-04-02

The primary mitigation for CVE-2024-36512 is to upgrade FortiManager and FortiAnalyzer to version 7.4.4 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting network access to the management interfaces using a Web Application Firewall (WAF) or proxy server. Configure the WAF to block requests containing suspicious path traversal patterns (e.g., “../”). Regularly review access logs for any unusual activity. After upgrading, verify the fix by attempting to access files outside the intended directory using a crafted HTTP request; access should be denied.