CVE-2024-48884
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder
| Software | From | Fixed in |
|---|---|---|
| fortinet / fortiweb | 7.6.0 | 7.6.0.x |
| fortinet / fortimanager_cloud | 7.4.1 | 7.4.4 |
| fortinet / fortirecorder | 7.2.0 | 7.2.2 |
| fortinet / fortios | 7.6.0 | 7.6.0.x |
| fortinet / fortios | 7.4.0 | 7.4.5 |
| fortinet / fortimanager | 7.4.1 | 7.4.4 |
| fortinet / fortimanager | 7.6.0 | 7.6.2 |
| fortinet / fortiproxy | 1.0.0 | 7.0.19 |
| fortinet / fortiproxy | 7.2.0 | 7.2.12 |
| fortinet / fortiproxy | 7.4.0 | 7.4.6 |
| fortinet / fortirecorder | 7.0.0 | 7.0.5 |
| fortinet / fortivoice | 6.0.0 | 6.4.10.x |
| fortinet / fortivoice | 7.0.0 | 7.0.5.x |
| fortinet / fortiweb | 6.4.0 | 7.4.5 |
| fortinet / fortios | 7.2.0 | 7.2.10 |
| fortinet / fortios | 7.0.0 | 7.0.16 |
| fortinet / fortios | 6.4.0 | 6.4.16 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime