Multiple Vulnerabilities in FortiManager
Multiple vulnerabilities have been discovered in FortiManager.
Certain versions of FortiManager are subject to the following vulnerabilities:
1. Escalation of Privileges: under certain circumstances, a user may be able to escalate privileges by modifying specific parameters.
3. SQL Injection: a remote attacker may be able to perform an SQL Injection attack on the FortiManager via an improperly sanitized input.
4. Local Privilege Escalation via CLI: certain CLI commands accept additional code, which can be used to escalate privileges.
5. Arbitrary File Download: an attacker may be able to obtain arbitrary files from the FortiManager, leading to information disclosure. Exploiting this vulnerability requires the attacker to first exploit another vulnerability to escalate their privileges.
Impact: Escalation of Privileges, Cross-Site Scripting, SQL Query Execution, SQL Injection, Arbitrary File Download
Affected products:
FortiManager v5.2.1 and earlier
FortiManager v5.0.10 and earlier
FortiManager v5.0 through v5.0.10: Upgrade to FortiManager v5.0.11. Alternatively, upgrade to FortiManager v5.2.2, which is also available.
FortiManager v5.2 through v5.2.1: Upgrade FortiManager to v5.2.2.
Thank you to Maksymilian Motyl and the ITN Security Team at Orange Polska for responsibly disclosing these vulnerabilities to Fortinet.