cbcvebase.
CVE-2024-48885
published 2025-01-16

CVE-2024-48885: A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder…

critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets.

Affected

21 ranges
VendorProductVersion rangeFixed in
fortinetfortimanager
fortinetfortimanagercloud
fortinetfortinet
fortinetfortios
fortinetfortiproxy
fortinetfortirecorder
fortinetfortirecorder>= 7.0.0 < 7.0.57.0.5
fortinetfortirecorder7.0.0 – 7.0.4
fortinetfortirecorder>= 7.2.0 < 7.2.27.2.2
fortinetfortirecorder7.2.0 – 7.2.1
fortinetfortivoice
fortinetfortivoice6.0.0 – 6.4.10
fortinetfortivoice6.4.0 – 6.4.9
fortinetfortivoice7.0.0 – 7.0.5
fortinetfortiweb
fortinetfortiweb
fortinetfortiweb>= 6.4.0 < 7.4.57.4.5
fortinetfortiweb6.4.0 – 6.4.3
fortinetfortiweb7.0.0 – 7.0.12
fortinetfortiweb7.2.0 – 7.2.12
fortinetfortiweb7.4.0 – 7.4.4