Vulnerability Description
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiManager | >= 7.4.1, < 7.4.4 |
| Fortinet | FortiManager Cloud | >= 7.4.1, < 7.4.4 |
| Fortinet | FortiProxy | >= 1.0.0, < 7.0.19 |
| Fortinet | FortiRecorder | >= 7.0.0, < 7.0.5 |
| Fortinet | FortiVoice | >= 6.0.0, <= 6.4.10 |
| Fortinet | FortiWeb | >= 6.4.0, < 7.4.5 |
| Fortinet | FortiOS | >= 6.4.0, < 6.4.16 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-259 (Vendor Advisory)
FAQ
What is CVE-2024-48884?
CVE-2024-48884 is a vulnerability with a CVSS score of 7.5 (HIGH). An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 ...
How severe is CVE-2024-48884?
CVE-2024-48884 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-48884?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet FortiManager, Fortinet FortiManager Cloud, Fortinet FortiProxy, Fortinet FortiRecorder, Fortinet FortiVoice.