CVE-2024-52964
published 2025-08-12CVE-2024-52964: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1…
medium6.5CVSS 3.1
AVNACLPRHUINSUCNIHAH
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.2.0 < 7.0.14 | 7.0.14 |
| fortinet | fortimanager | 6.2.0 – 6.2.13 | — |
| fortinet | fortimanager | 6.4.0 – 6.4.15 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.13 | — |
| fortinet | fortimanager | >= 7.2.0 < 7.2.10 | 7.2.10 |
| fortinet | fortimanager | 7.2.0 – 7.2.9 | — |
| fortinet | fortimanager | >= 7.4.0 < 7.4.6 | 7.4.6 |
| fortinet | fortimanager | 7.4.0 – 7.4.5 | — |
| fortinet | fortimanager | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortimanager | 7.6.0 – 7.6.1 | — |
| fortinet | fortimanager_cloud | 6.4.1 – 7.0.13 | — |
| fortinet | fortimanager_cloud | >= 7.2.1 < 7.2.10 | 7.2.10 |
| fortinet | fortimanager_cloud | >= 7.4.1 < 7.4.6 | 7.4.6 |
| fortinet | fortimanagercloud | — | — |
| fortinet | fortinet | — | — |