Fortinet FortiManager 7.6.0 到 7.6.1、FortiManager 7.4.1 到 7.4.3、FortiManager Cloud 7.4.1 存在对受限目录的路径名限制不当 ('path traversal') 漏洞。

攻击者可以利用此路径遍历漏洞，通过构造恶意请求来访问 FortiProxy 服务器上的任意文件。这可能包括读取配置文件、敏感数据或执行代码。如果攻击者能够访问系统管理员凭据或配置信息，他们可能能够完全控制受影响的系统。此漏洞的潜在影响包括数据泄露、系统中断和未经授权的访问。由于该漏洞需要身份验证，因此攻击者需要先获得对 FortiProxy 系统的访问权限。

Organizations using FortiProxy in environments with weak authentication or exposed to external networks are particularly at risk. Shared hosting environments where multiple users share a single FortiProxy instance are also vulnerable, as a compromise of one user's account could potentially lead to access for other users. Legacy FortiProxy deployments running older, unpatched versions are especially susceptible.

• fortinet: Monitor FortiProxy logs for unusual file access attempts or requests containing directory traversal sequences (e.g., ../). • linux / server: Use lsof to identify processes accessing unexpected files or directories. Example:

lsof | grep /path/to/sensitive/file

• generic web: Use curl to test for path traversal vulnerabilities by appending directory traversal sequences to URLs. Example:

curl 'http://fortiproxy/../../../../etc/passwd'

• windows: Use PowerShell to check for suspicious processes or scheduled tasks that might be exploiting the vulnerability. Example:

Get-Process | Where-Object {$_.ProcessName -like '*suspicious*'}

1. 2025-01-14Disclosure

   disclosure

1. 已保留2024-10-09
2. 发布日期2025-01-14
3. 修改日期2026-01-14
4. EPSS 更新日期2026-04-02

Fortinet 建议用户尽快升级到已修复的版本。如果无法立即升级，可以考虑以下缓解措施：限制对 FortiProxy 服务的访问，仅允许授权用户访问。实施严格的访问控制策略，以防止未经授权的文件访问。监控 FortiProxy 日志，以检测可疑活动。使用 Web 应用程序防火墙 (WAF) 或代理服务器来过滤恶意请求。在升级后，验证漏洞是否已成功修复，可以通过尝试访问受限制目录之外的文件来确认。