CVE-2024-33502

CWE-22 Path Traversal | 4 documents | 4 sources
Severity: 7.2 HIGH
EPSS: 0.6% (top 29.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 14

Description

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager and FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12, and 6.0.0 through 6.0.12 allows an attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.2 | Impact: 5.2

Affected Packages (4 packages)

Source     | Package                | Versions        | More
NVD        | fortinet/fortimanager  | 6.0.0 .. 7.2.6  | +1
NVD        | fortinet/fortianalyzer | 6.0.0 .. 7.2.6  | +1
CVEListV5  | fortinet/fortimanager  | 7.4.0 .. 7.4.2  | +5
CVEListV5  | fortinet/fortianalyzer | 7.4.0 .. 7.4.2  | +5

Vulnerability Details (2)

GHSA: GHSA-gxgh-8p3v-3jvv: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7 (2025-01-14)
CVEList: CVE-2024-33502: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7 (2025-01-14)

Vendor Advisories (1)

Fortinet: Arbitrary file delete on firmware import image feature (2025-01-14)
Source: cvebase.io