CVE-2024-36512

CWE-22Path Traversal4 documents4 sources
Severity
7.2HIGH
EPSS
0.6%
top 29.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortianalyzerFortinet Fortimanager
Timeline
PublishedJan 14

Description

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

NVDfortinet/fortimanager6.2.107.0.13+2
NVDfortinet/fortianalyzer6.2.107.0.13+2
CVEListV5fortinet/fortimanager7.4.07.4.3+3
CVEListV5fortinet/fortianalyzer7.4.07.4.3+3

🔴Vulnerability Details

2
CVEList
CVE-2024-36512: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 72025-01-14
GHSA
GHSA-w29f-xpw3-353w: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 72025-01-14

📋Vendor Advisories

1
Fortinet
Arbitrary file write on GUI2025-01-14
CVE-2024-36512 (HIGH CVSS 7.2) | An improper limitation of a pathnam | cvebase.io