CVE-2024-48884: A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1…

critical9.1CVSS 3.1

AVNACLPRNUINSUCNIHAH

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder

Affected

39 ranges· showing 25

Vendor	Product	Version range	Fixed in
fortinet	fortimanager	—	—
fortinet	fortimanager	>= 7.4.1 < 7.4.4	7.4.4
fortinet	fortimanager	7.4.1 – 7.4.3	—
fortinet	fortimanager	>= 7.6.0 < 7.6.2	7.6.2
fortinet	fortimanager	7.6.0 – 7.6.1	—
fortinet	fortimanager_cloud	>= 7.4.1 < 7.4.4	7.4.4
fortinet	fortimanager_cloud	7.4.1 – 7.4.3	—
fortinet	fortimanagercloud	—	—
fortinet	fortinet	—	—
fortinet	fortios	—	—
fortinet	fortios	—	—
fortinet	fortios	>= 6.4.0 < 6.4.16	6.4.16
fortinet	fortios	6.4.0 – 6.4.15	—
fortinet	fortios	>= 7.0.0 < 7.0.16	7.0.16
fortinet	fortios	7.0.0 – 7.0.15	—
fortinet	fortios	>= 7.2.0 < 7.2.10	7.2.10
fortinet	fortios	7.2.0 – 7.2.9	—
fortinet	fortios	>= 7.4.0 < 7.4.5	7.4.5
fortinet	fortios	7.4.0 – 7.4.4	—
fortinet	fortiproxy	—	—
fortinet	fortiproxy	>= 1.0.0 < 7.0.19	7.0.19
fortinet	fortiproxy	1.0.0 – 1.0.7	—
fortinet	fortiproxy	1.1.0 – 1.1.6	—
fortinet	fortiproxy	1.2.0 – 1.2.13	—
fortinet	fortiproxy	2.0.0 – 2.0.14	—