VYPR
Unrated severityNVD Advisory· Published Jan 14, 2025· Updated Jan 14, 2026

CVE-2024-48884

CVE-2024-48884

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Fortinet/Fortimanager Cloudcpe-rescue2 versions
    cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*range: 7.4.1
    • (no CPE)range: 7.4.1-7.4.3
  • cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
    Range: 7.4.0
  • cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*range: 7.6.0
    • (no CPE)range: 7.6.0-7.6.1, 7.4.1-7.4.3
  • Fortinet/Fortiosv52 versions
    cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*range: 7.6.0
    • (no CPE)range: 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.9, 7.0.0-7.0.15, 6.4.0-6.4.15

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.