A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Upgrade to FortiProxy version 7.6.6 or above
Upgrade to FortiOS version 8.0.0 or above
Upgrade to FortiOS version 7.6.7 or above
Upgrade to FortiOS version 7.4.10 or above
Fortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.
Upgrade to FortiPAM version 1.9.0 or above
Upgrade to FortiPAM version 1.8.1 or above
Upgrade to FortiSwitchManager version 7.2.8 or above