CVE-2023-44256: 
Fortinet FortiManager vulnerability analysis and mitigation

A server-side request forgery (SSRF) vulnerability was discovered in Fortinet FortiAnalyzer and FortiManager products (CVE-2023-44256). The vulnerability affects multiple versions including FortiAnalyzer 7.4.0, versions 7.2.0 through 7.2.3, versions 7.0.2 through 7.0.8, and versions 6.4.8 through 6.4.15. The vulnerability was discovered by security researchers from Orange Cyberdéfense and Orange group, and was publicly disclosed on October 10, 2023 (Fortinet Advisory).

The vulnerability exists in the FortiView top threats report generation feature, specifically in the PDF generation functionality that uses wkhtmltopdf 0.12.6-dev. The SSRF vulnerability allows an attacker to make the FortiAnalyzer execute web requests to local and reachable network web services, with the responses being displayed in the rendered PDF. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD, Orange Advisory).

The vulnerability allows a remote attacker with low privileges to view sensitive data from internal servers and perform local port scanning. The attacker can gain access to information and web services that are normally not accessible, and can potentially anonymize malicious actions by having them executed through the FortiAnalyzer (Orange Advisory).

Fortinet has released security patches to address this vulnerability. Users are advised to upgrade to the following fixed versions: FortiAnalyzer 7.4.1 or above for 7.4.x, FortiAnalyzer 7.2.4 or above for 7.2.x, FortiAnalyzer 7.0.9 or above for 7.0.x, and users of FortiAnalyzer 6.4.8 through 6.4.15 should migrate to a fixed release (Fortinet Advisory).