An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.5, 6.4 all versions may allow a remote and authenticated malicious user to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortianalyzer |
||
fortinet fortimanager |