CVE-2024-48884
Description
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*range: 7.4.1
- (no CPE)range: 7.4.1-7.4.3
cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*range: 7.6.0
- (no CPE)range: 7.6.0-7.6.1, 7.4.1-7.4.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.