CVE-2023-42791

Description

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Remediation

Solution:

Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above Please upgrade to FortiAnalyzer-BigData version 7.0.7 or above Please upgrade to FortiAnalyzer-BigData version 6.4.8 or above Please upgrade to FortiAnalyzer-BigData version 6.2.6 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above Please upgrade to FortiManager version 6.2.12 or above Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above

References

Link	Tags
https://fortiguard.com/psirt/FG-IR-23-189	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-42791?: CVE-2023-42791 has been scored as a high severity vulnerability.
How to fix CVE-2023-42791?: To fix CVE-2023-42791: Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above Please upgrade to FortiAnalyzer-BigData version 7.0.7 or above Please upgrade to FortiAnalyzer-BigData version 6.4.8 or above Please upgrade to FortiAnalyzer-BigData version 6.2.6 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above Please upgrade to FortiManager version 6.2.12 or above Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above
Is CVE-2023-42791 being actively exploited in the wild?: It is possible that CVE-2023-42791 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~9% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-42791?: CVE-2023-42791 affects Fortinet FortiManager, Fortinet FortiAnalyzer.

Description

Remediation

Categories

CWE-23 – Relative Path Traversal

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions