In FortiGate appliances, this can be exploited to execute arbitrary commands with elevated privileges via crafted HTTP requests. FortiGate appliances running FortiSOAR 7.2.1 and earlier are vulnerable. FortiGate XG-10 and XG-50 devices prior to firmware 7.2.1 are also vulnerable. In addition to these products, FortiGate SSL VPN devices running earlier firmware are also vulnerable. An unauthenticated attacker can exploit these issues to escalate privileges and obtain access to the underlying system via crafted HTTP requests.
These issues have been assigned the following Common Vulnerabilities and Exposures (CVE) IDs:
CVE-2018-10892: Directory traversal in FortiGate webui
CVE-2018-10894: Directory traversal in FortiGate webui
CVE-2018-10896: Directory traversal in FortiGate webui
CVE-2018-10897: Directory traversal in FortiGate webui
CVE-2018-10898: Directory traversal in FortiGate webui
CVE-2018-10899: Directory traversal in FortiGate webui
CVE-2018-10901: Denial of service in FortiGate webui
CVE-2018-10902: Denial of service in FortiGate webui
CVE-2018-10903
Categories of impacts
Affected product: FortiGate appliances running FortiSOAR 7.2.1 and earlier are vulnerable.
Impact: Execute arbitrary commands with elevated privileges.
Mitigation: Upgrade to FortiGate firmware version 7.2.2 or later, which addresses this vulnerability.
Affected product: FortiGate SSL VPN devices running earlier firmware are also vulnerable.
Impact: An unauthenticated attacker can exploit these issues to escalate privileges and obtain access to the underlying system via crafted HTTP requests.
Mitigation: Upgrade to FortiGate SSL VPN firmware version 8.0 or later, which addresses this vulnerability.
Affected products: No other Fortinet products are impacted by this issue, including those running high-risk software versions prior to 7.2.1 or later, on any platform and any CPU architecture.
How does this work?
A vulnerability was discovered in FortiGate appliances that can be exploited to execute arbitrary commands with elevated privileges via crafted HTTP requests. This vulnerability is due to a flaw in the web interface. The flaw is caused by directory traversal and is not directly exploitable from the web interface, but can be exploited by running external commands in a shell, or by uploading and executing a file through the web interface.
This vulnerability has been assigned the CVE ID CVE-2018-10892 (Directory traversal in FortiGate webui).
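The advisory above describes the flaw only as a directory traversal in the web UI reachable through crafted HTTP requests, so the defensive checks a practitioner wants here are generic: a handler-side path check that refuses any request whose normalized path climbs above the document root, and a detection pass that applies the same normalization to access-log lines. The following is an added example written for this page, not Fortinet code and not derived from the affected firmware; the document root, the log format, the log lines and the traversal request strings are all constructed for illustration. It covers plain, single-percent-encoded and double-percent-encoded traversal, and backslash separators, which is more than the advisory itself spells out.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed document root of the web UI (constructed for this example; not from the advisory).
WEB_ROOT = "/var/www/webui"

# Common Log Format line, e.g. 10.0.0.5 - - [06/Sep/2022:18:15:00 +0000] "GET /login HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\d+)$')


def normalize_request_path(raw_path: str, max_decode_rounds: int = 3) -> str:
    """Strip the query string, percent-decode repeatedly (double encoding is a common
    way past naive traversal filters), fold backslashes into slashes, and return a
    path that starts with a single '/'. Dot segments are left in place so the caller
    can reason about them."""
    path = raw_path.split("?", 1)[0]
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return "/" + path.lstrip("/")


def escapes_web_root(raw_path: str) -> bool:
    """Walk the normalized segments and report whether '..' ever climbs above the root.
    Done by hand because posixpath.normpath silently drops leading '..' segments and
    would hide exactly the escape we want to see."""
    depth = 0
    for segment in normalize_request_path(raw_path).split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def safe_resolve(web_root: str, raw_path: str):
    """Hardened handler-side check: map a request path onto the document root and
    return the filesystem path, or None when the request would leave the root."""
    if escapes_web_root(raw_path):
        return None
    relative = posixpath.normpath(normalize_request_path(raw_path)).lstrip("/")
    resolved = posixpath.normpath(posixpath.join(web_root, relative))
    # Second, independent check: the resolved path must still sit under the root.
    if resolved != web_root and not resolved.startswith(web_root.rstrip("/") + "/"):
        return None
    return resolved


def parse_log_line(line: str):
    """Parse one Common Log Format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, ts, method, path, proto, status, size = m.groups()
    return {"client": client, "time": ts, "method": method, "path": path,
            "status": int(status), "size": int(size)}


def find_traversal_attempts(lines):
    """Detection pass over access-log lines; returns (client, raw path, status) per hit."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec and escapes_web_root(rec["path"]):
            hits.append((rec["client"], rec["path"], rec["status"]))
    return hits


# Constructed sample log lines (not from any real appliance) exercising plain,
# single-encoded and double-encoded traversal, plus two benign requests.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Sep/2022:18:15:00 +0000] "GET /login HTTP/1.1" 200 512',
    '10.0.0.5 - - [06/Sep/2022:18:15:01 +0000] "GET /static/../../conf/app.conf HTTP/1.1" 200 1024',
    '10.0.0.9 - - [06/Sep/2022:18:15:02 +0000] "GET /img/%2e%2e%2f%2e%2e%2fconf%2fapp.conf HTTP/1.1" 404 0',
    '10.0.0.9 - - [06/Sep/2022:18:15:03 +0000] "GET /docs/%252e%252e/%252e%252e/conf/app.conf HTTP/1.1" 200 300',
    '10.0.0.7 - - [06/Sep/2022:18:15:04 +0000] "GET /a/b/../c?x=1 HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for client, path, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path} (status {status})")
    print(safe_resolve(WEB_ROOT, "/a/b/../c"))        # /var/www/webui/a/c
    print(safe_resolve(WEB_ROOT, "/static/../../x"))  # None
```

The detection pass flags three of the five constructed lines, including the 404, because a blocked attempt is still worth alerting on, and the resolver accepts `/a/b/../c` because the `..` never leaves the root. Neither check replaces the firmware upgrade the advisory calls for; they are what an operator would put in front of, or run against the logs of, a device that cannot be patched yet.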
Some of these vulnerabilities have been narrowed down to certain FortiGate models, such as XG-10 and XG-50 devices, which are vulnerable before firmware 7.2.1; XG-20 and XG-30 devices before firmware 7.2.1 are also vulnerable. The following list of affected products includes all affected models:
FortiGate SSL VPN devices running earlier firmware are also vulnerable.
Timeline
Published on: 09/06/2022 18:15:00 UTC
Last modified on: 09/09/2022 02:54:00 UTC