CVE-2024-48884
HIGHFortinet FortiManager 7.4.1-7.4.3, FortiOS 6.4.0-6.4.15 - Path Traversal & Arbitrary File Write
Title source: llmDescription
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-259
Scores
CVSS v3
7.5
EPSS
0.1494
EPSS Percentile
96.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (24)
Fortinet/FortiManager
7.4.1 - 7.4.3
fortinet/fortimanager
7.4.1 - 7.4.4
Fortinet/FortiManager
7.6.0 - 7.6.1
Fortinet/FortiManager Cloud
7.4.1 - 7.4.3
fortinet/fortimanager_cloud
7.4.1 - 7.4.4
fortinet/fortios
7.6.0
Fortinet/FortiOS
6.4.0 - 6.4.15
fortinet/fortios
6.4.0 - 6.4.16
Fortinet/FortiOS
7.0.0 - 7.0.15
Fortinet/FortiOS
7.2.0 - 7.2.9
... and 14 more
Published
Jan 14, 2025
Tracked Since
Feb 18, 2026