CVE-2024-47566

CWE-22 — Path Traversal4 documents4 sources

Severity

6.0MEDIUM

EPSS

0.4%

top 38.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortirecorder

Timeline

PublishedJan 14

Description

A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HExploitability: 0.8 | Impact: 4.2

Affected Packages2 packages

▶NVDfortinet/fortirecorder6.4.0 — 7.0.5+1

▶CVEListV5fortinet/fortirecorder7.2.0 — 7.2.1+2

🔴Vulnerability Details

CVEList

CVE-2024-47566: A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7↗2025-01-14

▶

GHSA

GHSA-m343-65m6-2r6j: A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7↗2025-01-14

▶

📋Vendor Advisories

Fortinet

A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder vers...↗2025-01-14

▶