CVE-2024-46664 — Relative Path Traversal in Fortinet Fortirecorder

CWE-23 — Relative Path Traversal CWE-22 — Path Traversal4 documents4 sources

Severity

4.9MEDIUMNVD

CNA5.5

EPSS

0.5%

top 32.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortirecorder

Timeline

PublishedJan 14

Description

A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortirecorder6.4.0 — 7.0.5+1

▶CVEListV5fortinet/fortirecorder7.2.0 — 7.2.1+2

🔴Vulnerability Details

CVEList

CVE-2024-46664: A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7↗2025-01-14

▶

GHSA

GHSA-xx9m-2fc7-mhx8: A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7↗2025-01-14

▶

📋Vendor Advisories

Fortinet

A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privi...↗2025-01-14

▶