CVE-2024-48892

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-48892
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-421 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*
History

14 Aug 2025, 01:14

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.6.0:*:*:*:*:*:*:*
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-421 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-421 - Vendor Advisory
First Time Fortinet
Fortinet fortisoar

13 Aug 2025, 17:33

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de path traversal relativa [CWE-23] en FortiSOAR 7.6.0, 7.5.0 a 7.5.1, 7.4 todas las versiones, 7.3 todas las versiones puede permitir que un atacante autenticado lea archivos arbitrarios mediante la carga de un paquete de solución malicioso.

12 Aug 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-12 19:15

Updated : 2025-08-14 01:14

NVD link : CVE-2024-48892

Mitre link : CVE-2024-48892

CVE.ORG link : CVE-2024-48892

JSON object : View

Products Affected

fortinet

  • fortisoar
CWE
CWE-23

Relative Path Traversal