CVE-2024-21753: 
FortiClient EMS Analisi e mitigazione delle vulnerabilità

A path traversal vulnerability (CVE-2024-21753) was discovered in Fortinet FortiClientEMS management interface affecting versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, and 1.2.1 through 1.2.5. The vulnerability was internally discovered by Gwendal Guégniaud of Fortinet Product Security Team and publicly disclosed on September 10, 2024 (Fortinet Advisory).

The vulnerability is classified as an improper limitation of a pathname to a restricted directory (CWE-22) that exists in the FortiClientEMS management interface. The issue allows authenticated attackers to perform unauthorized file operations through specially crafted HTTP requests. The vulnerability has received a CVSS v3.1 base score of 6.0 (Medium) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H, while Fortinet assigned it a slightly lower score of 5.5 (Medium) (NVD).

The exploitation of this vulnerability can lead to multiple security impacts including denial of service, unauthorized file reading, and the ability to write a limited number of files to the system via specially crafted HTTP requests. This could potentially compromise system integrity and availability (Rapid7).

Fortinet has released security patches to address this vulnerability. Users are advised to upgrade to FortiClientEMS version 7.2.5 or above. For older versions, users should migrate to a fixed release as soon as possible. Specifically, users running versions 7.0.x through 7.0.13, 6.4.x through 6.4.9, 6.2.x through 6.2.9, 6.0.x through 6.0.8, and 1.2.x through 1.2.5 should upgrade to a supported version (Fortinet Advisory).