CVE-2024-32116

MEDIUM

Fortinet Fortianalyzer < 7.2.6 - Path Traversal

Title source: rule

Description

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-24-099

Scores

CVSS v3 5.1

EPSS 0.0014

EPSS Percentile 34.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Classification

CWE

CWE-22 CWE-23

Status published

Affected Products (4)

fortinet/fortianalyzer < 7.2.6

fortinet/fortianalyzer_big_data < 7.2.8

fortinet/fortianalyzer_big_data

fortinet/fortimanager < 7.2.6

Timeline

Published Nov 12, 2024

Tracked Since Feb 18, 2026