CVE-2024-36512: 
Fortinet FortiManager vulnerability analysis and mitigation

A path traversal vulnerability was discovered in Fortinet FortiManager and FortiAnalyzer products, affecting versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.2 through 7.0.12, and 6.2.10 through 6.2.13. The vulnerability allows attackers to execute unauthorized code or commands via crafted HTTP or HTTPS requests. This security issue was internally discovered and reported by Adham El karn of the Fortinet Product Security team (Fortinet PSIRT).

The vulnerability (CVE-2024-36512) is classified as a relative path traversal vulnerability [CWE-23] that affects the GUI component of FortiManager and FortiAnalyzer systems. It requires a privileged attacker with super-admin profile and CLI access to exploit. The vulnerability has been assigned a CVSSv3 score of 7.0, indicating a high severity level (Fortinet PSIRT).

When successfully exploited, this vulnerability allows attackers to write files on the underlying system and execute unauthorized code or commands, potentially compromising the security of the affected systems (Fortinet PSIRT).

Fortinet has released patches to address this vulnerability. Users of affected versions are advised to upgrade to the following fixed versions: FortiAnalyzer users should upgrade to version 7.4.4 or above (for 7.4.x), 7.2.6 or above (for 7.2.x), or 7.0.13 or above (for 7.0.x). FortiManager users should similarly upgrade to version 7.4.4 or above (for 7.4.x), 7.2.6 or above (for 7.2.x), or 7.0.13 or above (for 7.0.x). Users of version 6.2.x should migrate to a fixed release (Fortinet PSIRT).