Authentication bypass in FortiWAN

Summary

A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.

Version Affected Solution
FortiWAN 4.5 4.5.0 through 4.5.7 Upgrade to 4.5.8 or above
FortiWAN 4.4 4.4 all versions Migrate to a fixed release

Acknowledgement

Fortinet is pleased to thank a customer who brought this issue to our attention.