Fortinet released a security advisory on 27th April 2021 addressing a vulnerability in FortiWAN version 4.5.7 and prior.
The vulnerability is exploitable due to an error in the authentication process, which can be triggered through the FortiWAN relative path traversal vulnerability (CWE-23). This may allow a remote non-authenticated attacker to delete system files by sending a crafted HTTP POST request containing directory traversal sequences. Deleting specific configuration files could lead to a password reset of the administrator account, which would then revert to a default value.
For further information on this vulnerability kindly follow the below URL:
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.