CVE-2024-40588

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
References
Configurations

Configuration 1

AND
cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*

Configuration 5

OR cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*

History

14 Jan 2026, 10:16

Type Values Removed Values Added
Summary
Values Removed: (en) Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
Values Added: (en) Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

14 Aug 2025, 01:14

Type Values Removed Values Added
First Time Fortinet forticamera
Fortinet
Fortinet fortirecorder
Fortinet forticamera Firmware
Fortinet fortimail
Fortinet fortindr
Fortinet fortivoice
CPE cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*
References
Values Removed: () https://fortiguard.fortinet.com/psirt/FG-IR-24-309 -
Values Added: () https://fortiguard.fortinet.com/psirt/FG-IR-24-309 - Vendor Advisory

13 Aug 2025, 17:33

Type Values Removed Values Added
Summary
  • (es) Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera and FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

12 Aug 2025, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-12 19:15

Updated : 2026-01-14 10:16


NVD link : CVE-2024-40588

Mitre link : CVE-2024-40588

CVE.ORG link : CVE-2024-40588


Products Affected

fortinet

  • fortimail
  • forticamera_firmware
  • fortivoice
  • forticamera
  • fortindr
  • fortirecorder
CWE
CWE-23

Relative Path Traversal