CVE-2024-36508
published 2025-02-11CVE-2024-36508: An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2…
medium6CVSS 3.1
AVLACLPRHUINSUCNIHAH
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 6.4.0 < 7.2.6 | 7.2.6 |
| fortinet | fortianalyzer | 6.4.0 – 6.4.15 | — |
| fortinet | fortianalyzer | 7.0.0 – 7.0.13 | — |
| fortinet | fortianalyzer | 7.2.0 – 7.2.5 | — |
| fortinet | fortianalyzer | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortianalyzer | 7.4.0 – 7.4.2 | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.4.0 < 7.2.6 | 7.2.6 |
| fortinet | fortimanager | 6.4.0 – 6.4.15 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.13 | — |
| fortinet | fortimanager | 7.2.0 – 7.2.5 | — |
| fortinet | fortimanager | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortimanager | 7.4.0 – 7.4.2 | — |
| fortinet | fortinet | — | — |