Description
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read-write administrative privileges to create non-arbitrary files in a chosen directory via crafted CLI requests.
Scores
CVSS v3: 2.3
EPSS: 0.0006
EPSS Percentile: 18.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22, CWE-23
Status: published
Products (3)
fortinet/fortianalyzer: 6.2.0 - 7.4.3
fortinet/fortianalyzer_big_data: 6.2.1 - 7.4.1
fortinet/fortimanager: 6.2.0 - 7.4.3
Published: Nov 12, 2024
Tracked Since: Feb 18, 2026