CVE-2024-47566
published 2025-01-14CVE-2024-47566: A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before…
medium6CVSS 3.1
AVLACLPRHUINSUCNIHAH
A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortirecorder | — | — |
| fortinet | fortirecorder | >= 6.4.0 < 7.0.5 | 7.0.5 |
| fortinet | fortirecorder | 6.4.0 – 6.4.5 | — |
| fortinet | fortirecorder | 7.0.0 – 7.0.4 | — |
| fortinet | fortirecorder | >= 7.2.0 < 7.2.2 | 7.2.2 |
| fortinet | fortirecorder | 7.2.0 – 7.2.1 | — |