A path traversal vulnerability in the FortiProxy SSL VPN web portal may allow a non-authenticated, remote attacker to download FortiProxy system files through specially crafted HTTP resource requests.
Affected ProductsFortiProxy versions 2.0.0
FortiProxy versions 1.2.8 and below.
FortiProxy versions 1.1.6 and below.
FortiProxy versions 1.0.7 and below.
Please upgrade to FortiProxy versions 1.2.9 or above. Please upgrade to FortiProxy versions 2.0.1 or above.