CVE-2024-35274
published 2024-11-12CVE-2024-35274: An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2…
low2.3CVSS 3.1
AVLACLPRHUINSUCNILAN
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 6.2.0 < 7.4.3 | 7.4.3 |
| fortinet | fortianalyzer | 6.2.0 – 6.2.13 | — |
| fortinet | fortianalyzer | 6.4.0 – 6.4.15 | — |
| fortinet | fortianalyzer | 7.0.0 – 7.0.13 | — |
| fortinet | fortianalyzer | 7.2.0 – 7.2.8 | — |
| fortinet | fortianalyzer | 7.4.0 – 7.4.2 | — |
| fortinet | fortianalyzer_big_data | >= 6.2.1 < 7.4.1 | 7.4.1 |
| fortinet | fortianalyzerbigdata | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.2.0 < 7.4.3 | 7.4.3 |
| fortinet | fortimanager | 6.2.0 – 6.2.13 | — |
| fortinet | fortimanager | 6.4.0 – 6.4.15 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.13 | — |
| fortinet | fortimanager | 7.2.0 – 7.2.8 | — |
| fortinet | fortimanager | 7.4.0 – 7.4.2 | — |
| fortinet | fortinet | — | — |