CVE-2024-48892Relative Path Traversal in Fortinet Fortisoar

CWE-23Relative Path Traversal4 documents4 sources
Severity
4.9MEDIUMNVD
CNA6.8
EPSS
0.1%
top 83.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisoar
Timeline
PublishedAug 12

Description

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortisoar7.3.07.5.2+1
CVEListV5fortinet/fortisoar7.5.07.5.1+3

🔴Vulnerability Details

2
CVEList
CVE-2024-48892: A relative path traversal vulnerability [CWE-23] in FortiSOAR 72025-08-12
GHSA
GHSA-6mwp-2wph-qmcf: A relative path traversal vulnerability [CWE-23] in FortiSOAR 72025-08-12

📋Vendor Advisories

1
Fortinet
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all vers...2025-08-12
CVE-2024-48892 — Relative Path Traversal in Fortinet | cvebase