PSIRT Advisory

Multiple Vulnerabilities in FortiManager

Summary

Multiple vulnerabilities have been discovered in FortiManager.

Description

Certain versions of FortiManager are subject to the following vulnerabilities:
1. Escalation of Privileges: under certain circumstances, there exists the possibility for a user to escalate privileges by modifying specific parameters.
2. Cross-Site Scripting Vulnerability: it may be possible for an attacker to manipulate a specific action to inject potentially malicious JavaScript into other user profiles. This vulnerability requires account access and privilege escalation in order to be successful.
3. SQL Injection: a remote attacker may be able to perform an SQL Injection attack on the FortiManager via an improperly sanitized input.
4. Local Privilege Escalation via CLI: certain CLI commands can be abused to pass additional code, which can allow an escalation of privileges.
5. Arbitrary File Download: an opportunity exists for an attacker to obtain arbitrary files from the FortiManager which can lead to information disclosure. This vulnerability requires an attacker to exploit another vulnerability to escalate their privileges.

Impact

Escalation of Privileges, Cross-Site Scripting, SQL Query Execution, SQL Injection, Arbitrary File Download

Affected Products

FortiManager v5.2.1 and earlier
FortiManager v5.0.10 and earlier

Solutions

FortiManager v5.0 through v5.0.10: Upgrade to FortiManager v5.0.11. You may also upgrade FortiManager to v5.2.2, which is also available.
FortiManager v5.2 through v5.2.1: Upgrade FortiManager to v5.2.2.
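The affected ranges and fix releases above translate directly into an inventory check. The following script is an added example, not Fortinet tooling: it parses FortiManager version strings (including the `v.5.2.1` spelling used in some advisories), flags which installations fall inside the affected ranges stated on this page, and reports the upgrade target the advisory gives for each branch. The inventory entries are constructed sample data; the version thresholds are the ones in this advisory.

```python
"""Triage a FortiManager inventory against this advisory's affected ranges.

Added example, not Fortinet's own code. Version thresholds and upgrade
targets are taken from the advisory text; INVENTORY is constructed sample data.
"""
import re

# Per affected branch: (last affected version, upgrade options named in the advisory)
ADVISORY = {
    (5, 0): ((5, 0, 10), ("5.0.11", "5.2.2")),  # v5.0 through v5.0.10
    (5, 2): ((5, 2, 1), ("5.2.2",)),            # v5.2 through v5.2.1
}

# Constructed sample inventory (hostname -> reported version string)
INVENTORY = {
    "fmg-lab-01": "v5.0.10",
    "fmg-lab-02": "v.5.2.1",
    "fmg-prod-01": "5.2.2",
    "fmg-legacy": "4.3.0",
}


def parse_version(s):
    """Turn 'v5.0.10', 'v.5.2.1', '5.2.2' or '5.2' into a (major, minor, patch) tuple."""
    m = re.match(r"^v?\.?(\d+)\.(\d+)(?:\.(\d+))?$", s.strip())
    if not m:
        raise ValueError(f"unrecognised FortiManager version string: {s!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(version_str):
    """Classify one version as affected / not affected / not covered by this advisory."""
    v = parse_version(version_str)
    branch = v[:2]
    if branch not in ADVISORY:
        # Branches the advisory does not mention (e.g. 4.x) cannot be judged from it.
        return {"version": version_str, "status": "not covered", "upgrade_to": []}
    last_affected, fixes = ADVISORY[branch]
    if v <= last_affected:
        return {"version": version_str, "status": "affected", "upgrade_to": list(fixes)}
    return {"version": version_str, "status": "not affected", "upgrade_to": []}


def triage(inventory):
    """Assess every host; returns {hostname: assessment}."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        upgrade = ", ".join(result["upgrade_to"]) or "-"
        print(f"{host:12} {result['version']:10} {result['status']:13} upgrade to: {upgrade}")
```

Tuple comparison does the range check, so `5.2` (parsed as 5.2.0) is correctly reported as affected while `5.2.2` and `5.0.11` are not; versions on branches the advisory never mentions are reported as "not covered" rather than silently treated as safe.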

Acknowledgement

Thank you to Maksymilian Motyl and the ITN Security Team at Orange Polska for responsibly disclosing these vulnerabilities to Fortinet.