FortiOS, FortiProxy & FortiSwitchManager - Arbitrary read/write vulnerability in administrative interface

Feb. 16, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A relative path traversal vulnerability [CWE-23] in FortiOS, FortiProxy, and FortiSwitchManager may allow an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP or HTTPS requests.

cwe files fortios fortiproxy fortiswitchmanager http https interface linux may path path traversal relative requests system vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 1 month ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 1 month ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 1 month ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 1 month ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 1 month ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 1 month ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 1 month ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 1 month ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 1 month ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

Security Analysis Senior Analyst

@ NTT DATA | Bengaluru, KA, IN

View on infosec-jobs.com

SAP NS2 SIEM Engineering Manager - Herndon (Hybrid)

@ SAP | Herndon, VA, US, 20171

View on infosec-jobs.com

Security Architect - Infrastructure

@ Yorkshire Water | Bradford, GB

View on infosec-jobs.com

Information System Security Officer, Journeyman (Secret)

@ Resource Management Concepts, Inc. | Patuxent River, Maryland, United States

View on infosec-jobs.com

Technology Information Security GRC Senior

@ KPMG India | Gurgaon, Haryana, India

View on infosec-jobs.com

Principal CyberSecurity Engineer

@ DTCC | Dallas, TX, United States

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiOS, FortiProxy & FortiSwitchManager - Arbitrary read/write vulnerability in administrative interface

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Security Analysis Senior Analyst

SAP NS2 SIEM Engineering Manager - Herndon (Hybrid)

Security Architect - Infrastructure

Information System Security Officer, Journeyman (Secret)

Technology Information Security GRC Senior

Principal CyberSecurity Engineer