CVE-2024-48884

CWE-22 — Path Traversal4 documents4 sources

Severity

9.1CRITICAL

EPSS

39.3%

top 2.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortimanager Fortinet Fortimanager Cloud Fortinet Fortios +4 more

Timeline

PublishedJan 14

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versio…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

▶NVDfortinet/fortiproxy1.0.0 — 7.0.19+2

▶CVEListV5fortinet/fortiproxy7.4.0 — 7.4.5+6

▶NVDfortinet/fortios6.4.0 — 6.4.16+4

▶CVEListV5fortinet/fortios7.4.0 — 7.4.4+4

▶NVDfortinet/fortimanager_cloud7.4.1 — 7.4.4

🔴Vulnerability Details

CVEList

CVE-2024-48884: A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7↗2025-01-14

▶

GHSA

GHSA-qhwf-jg9m-cq9f: A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7↗2025-01-14

▶

📋Vendor Advisories

Fortinet

Path traversal in csfd daemon↗2025-01-14

▶