CVE-2024-48885

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 9.1 CRITICAL
EPSS: 0.4% (top 40.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16

Description

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows an attacker to escalate privilege via specially crafted packets.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages (6 packages)

NVD | fortinet/fortiweb | 6.4.0 | 7.4.5 | +1
CVEListV5 | fortinet/fortiweb | 7.4.0 | 7.4.4 | +4
CVEListV5 | fortinet/fortivoice | 7.0.0 | 7.0.4 | +2
NVD | fortinet/fortivoice | 6.0.0 | 6.4.10 | +1
NVD | fortinet/fortirecorder | 7.0.0 | 7.0.5 | +1

🔴 Vulnerability Details (2)

CVEList | CVE-2024-48885: An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7 | 2025-01-16
GHSA | GHSA-9wj2-ccpq-qx84: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7 | 2025-01-16

📋 Vendor Advisories (1)

Fortinet | Path traversal in csfd daemon | 2025-01-14
CVE-2024-48885 (CRITICAL CVSS 9.1) | An improper limitation of a pathname | cvebase.io