CVE-2024-48884
Published: Jan 14, 2025
Modified: Jan 14, 2026
CVSS v3.1
7.1
Description
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder
| Vendor | Product | Versions |
|---|---|---|
Fortinet | FortiProxy | affected 7.4.0 - <= 7.4.5affected 7.2.0 - <= 7.2.11affected 7.0.0 - <= 7.0.18affected 2.0.0 - <= 2.0.14affected 1.2.0 - <= 1.2.13+2 more versions |
Fortinet | FortiManager Cloud | affected 7.4.1 - <= 7.4.3 |
Fortinet | FortiManager | affected 7.6.0 - <= 7.6.1affected 7.4.1 - <= 7.4.3 |
Fortinet | FortiOS | affected 7.6.0affected 7.4.0 - <= 7.4.4affected 7.2.0 - <= 7.2.9affected 7.0.0 - <= 7.0.15affected 6.4.0 - <= 6.4.15 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now