CVE-2024-48885

MEDIUM

Fortinet FortiRecorder 7.0.0-7.0.4, 7.2.0-7.2.1; FortiVoice 6.0-6.4.9, 7.0.0-7.0.4; FortiWeb 6.4-7.6.0 - Path Traversal

Title source: llm

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-24-259

Scores

CVSS v3 5.3

EPSS 0.0029

EPSS Percentile 52.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (4)

fortinet/fortirecorder 7.0.0 - 7.0.5

fortinet/fortivoice 6.0.0 - 6.4.10

fortinet/fortiweb 7.6.0

fortinet/fortiweb 6.4.0 - 7.4.5

Published Jan 16, 2025

Tracked Since Feb 18, 2026