A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.
The attacker sends a specially crafted HTTP POST request containing a relative path sequence (relative path traversal, CWE-23), thereby bypassing authentication and access control mechanisms (CWE-305). The vulnerability allows operating on arbitrary files outside the permitted directory. Deletion of specific configuration files causes the administrator account password to reset to a default value, opening full access to the device.
An attacker without any privileges can delete critical system files and reset the administrator password to a default value, which in practice leads to complete takeover of the FortiWAN device.
FortiWAN should be updated to a version higher than 4.5.7. Detailed information about available patches is available in the vendor's guide at https://fortiguard.fortinet.com/psirt/FG-IR-21-048. Until the update is applied, it is recommended to restrict access to the device management interface only to trusted networks and IP addresses.
Fortinet FortiWAN version 4.5.7 and earlier, as well as all versions of the 4.4 branch
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortiwan
APPFortinet4.4.0 – 4.5.8 (bez)
Related vulnerabilities
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before...
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may ...
** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version...
** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal'...
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management ...