Unrated severityNVD Advisory· Published Jan 14, 2025· Updated Jan 14, 2026

CVE-2024-48884

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder

Affected products

Fortinet/FortiManager Cloudv5
cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
Range: 7.4.1
Fortinet/Fortiproxyv5
cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
Range: 7.4.0
Fortinet/Fortimanagerv5
cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
Range: 7.6.0
Fortinet/Fortiosv5
cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
Range: 7.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-24-259mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.040
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000