CVE-2024-32115Relative Path Traversal in Fortinet Fortimanager

CWE-23Relative Path TraversalCWE-22Path Traversal4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.7%
top 28.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortimanager
Timeline
PublishedJan 14

Description

A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HExploitability: 1.2 | Impact: 4.2

Affected Packages2 packages

NVDfortinet/fortimanager7.0.07.2.6+1
CVEListV5fortinet/fortimanager7.4.07.4.2+2

🔴Vulnerability Details

2
CVEList
CVE-2024-32115: A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 72025-01-14
GHSA
GHSA-g8fx-pvg9-8mm8: A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 72025-01-14

📋Vendor Advisories

1
Fortinet
Arbitrary file deletion in administrative interface2025-01-14
CVE-2024-32115 — Relative Path Traversal in Fortinet | cvebase