IDOR on download logs feature

Summary

An authorization bypass through user-controlled key [CWE-639] vulnerability in the download logs feature of FortiAnalyzer and FortiManager may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
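
The weakness class the advisory names, CWE-639, shown as an added illustration that is not Fortinet's code and does not reflect FortiAnalyzer or FortiManager internals: a log-download handler that trusts a client-supplied log identifier beside one that decides access from the requester's identity and the record's owner, plus a retrospective check over access-log lines. Every name, record, URL path and log line below is constructed for the example.

```python
"""Added example (not Fortinet's code): the CWE-639 pattern behind an IDOR on a
log-download endpoint. Users, log archives, the URL shape and the access-log
lines are all constructed for illustration."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str          # "admin" or "user" (constructed role model)


@dataclass(frozen=True)
class LogArchive:
    log_id: int
    owner_id: int      # the only non-admin user allowed to download it
    content: bytes


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


# Constructed sample data: two ordinary users, one admin, one archive each.
USERS = {1: User(1, "user"), 2: User(2, "user"), 99: User(99, "admin")}
LOGS = {
    101: LogArchive(101, 1, b"log lines owned by user 1"),
    202: LogArchive(202, 2, b"log lines owned by user 2"),
}


def download_log_vulnerable(requester: User, log_id: int) -> bytes:
    """Vulnerable: the user-controlled key is trusted as-is. The caller is
    authenticated (a User object exists) but there is no object-level
    authorization, so any low-privilege user can read any archive."""
    if log_id not in LOGS:
        raise NotFound(log_id)
    return LOGS[log_id].content


def access_allowed(requester: User, log_id: int) -> bool:
    """Server-side authorization decision: admin, or owner of the archive."""
    archive = LOGS.get(log_id)
    if archive is None:
        return False
    return requester.role == "admin" or archive.owner_id == requester.user_id


def download_log_hardened(requester: User, log_id: int) -> bytes:
    """Hardened: the client-supplied key only selects the record; whether it
    may be read is decided from requester identity and record ownership.
    'Missing' and 'not yours' raise the same error so the endpoint is not an
    existence oracle for archive identifiers."""
    if not access_allowed(requester, log_id):
        raise Forbidden(log_id)
    return LOGS[log_id].content


# Constructed access-log format for the retrospective check below.
ACCESS_RE = re.compile(
    r"user=(?P<user>\d+) GET /logs/download\?id=(?P<log>\d+) status=(?P<status>\d+)"
)

CONSTRUCTED_ACCESS_LOG = [
    "2024-01-01T08:00:01Z user=1 GET /logs/download?id=101 status=200",
    "2024-01-01T08:00:05Z user=2 GET /logs/download?id=101 status=200",
    "2024-01-01T08:00:09Z user=99 GET /logs/download?id=202 status=200",
    "2024-01-01T08:00:12Z user=2 GET /logs/download?id=999 status=404",
]


def flag_cross_owner_downloads(lines):
    """Retrospective triage: successful downloads where the requesting user is
    neither the archive's owner nor an admin. On an instance that ran an
    affected version, these are the requests worth reviewing."""
    flagged = []
    for line in lines:
        m = ACCESS_RE.search(line)
        if not m or m["status"] != "200":
            continue
        user = USERS.get(int(m["user"]))
        if user is None or not access_allowed(user, int(m["log"])):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    print(download_log_vulnerable(USERS[2], 101))   # user 2 reads user 1's archive
    print(flag_cross_owner_downloads(CONSTRUCTED_ACCESS_LOG))
```

The fix is not input validation on the identifier: a well-formed identifier is exactly what the attacker supplies. The authorization check has to compare the record's owner against the authenticated principal on every request, and the retrospective check applies the same rule to what the server already served.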

Affected Products

FortiManager 7.6 all versions are not affected
FortiManager version 7.4.0
FortiManager version 7.2.0 through 7.2.4
FortiManager 7.0 all versions
FortiManager 6.4 all versions
FortiManager 6.2 all versions
FortiAnalyzer-BigData 7.4 all versions are not affected
FortiAnalyzer-BigData version 7.2.0 through 7.2.5
FortiAnalyzer 7.6 all versions are not affected
FortiAnalyzer version 7.4.0
FortiAnalyzer version 7.2.0 through 7.2.4
FortiAnalyzer 7.0 all versions
FortiAnalyzer 6.4 all versions
FortiAnalyzer 6.2 all versions

Solutions

Please upgrade to FortiAnalyzer version 7.4.1 or above
Please upgrade to FortiAnalyzer version 7.2.5 or above

Please upgrade to FortiManager version 7.4.1 or above
Please upgrade to FortiManager version 7.2.5 or above

Please upgrade to FortiAnalyzer-BigData version 7.4.0 or above
Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above

Acknowledgement

Fortinet is pleased to thank security researchers Mickael Dorigny at Orange Cyberdéfense, Frédéric Prevost, François-Xavier Picard and Orange CERT-CC at Orange group for discovering and reporting this vulnerability under responsible disclosure.

Timeline

2024-09-10: Initial publication