A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-24-259 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Feb 2025, 21:11
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| CPE | cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* |
|
| First Time |
Fortinet fortimanager
Fortinet fortiproxy Fortinet fortimanager Cloud Fortinet Fortinet fortiweb Fortinet fortirecorder Fortinet fortivoice Fortinet fortios |
|
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-259 - Vendor Advisory |
16 Jan 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-01-16 09:15
Updated : 2025-02-03 21:11
NVD link : CVE-2024-48885
Mitre link : CVE-2024-48885
CVE.ORG link : CVE-2024-48885
JSON object : View
Products Affected
fortinet
- fortimanager_cloud
- fortivoice
- fortiweb
- fortirecorder
- fortimanager
- fortios
- fortiproxy
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')