CVE-2024-52964

CWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 49.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortimanagerFortinet Fortimanager Cloud
Timeline
PublishedAug 12

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HExploitability: 1.2 | Impact: 4.2

Affected Packages3 packages

NVDfortinet/fortimanager_cloud7.2.17.2.10+2
NVDfortinet/fortimanager6.2.07.0.14+3
CVEListV5fortinet/fortimanager7.6.07.6.1+5

🔴Vulnerability Details

2
CVEList
CVE-2024-52964: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 72025-08-12
GHSA
GHSA-535p-g7m4-r8xm: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 72025-08-12

📋Vendor Advisories

1
Fortinet
Arbitrary file overwrite in FGFMd2025-08-12
CVE-2024-52964 (MEDIUM CVSS 6.5) | An Improper Limitation of a Pathnam | cvebase.io