CVE-2024-40588

MEDIUM

Fortinet FortiCamera <all> - Path Traversal

Title source: llm

Description

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-24-309

Scores

CVSS v3 4.4

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-23

Status published

Products (5)

fortinet/forticamera_firmware 2.0.0 - 2.1.4

fortinet/fortimail 6.4.0 - 7.4.4

fortinet/fortindr 7.0.0 - 7.4.7

fortinet/fortirecorder 6.4.0 - 7.0.5

fortinet/fortivoice 6.0.0 - 6.4.10

Published Aug 12, 2025

Tracked Since Feb 18, 2026