CVE-2024-48884

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets.

Published: Jan 14, 2025
Updated: May 4, 2025
CVE: CVE-2024-48884
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	7.6.0	7.6.0.x
fortinet / fortios	6.4.0	7.0.16
fortinet / fortimanager_cloud	7.4.1	7.4.4
fortinet / fortirecorder	7.2.0	7.2.2
fortinet / fortios	7.6.0	7.6.0.x
fortinet / fortios	7.4.0	7.4.5
fortinet / fortimanager	7.4.1	7.4.4
fortinet / fortimanager	7.6.0	7.6.2
fortinet / fortiproxy	1.0.0	7.0.19
fortinet / fortiproxy	7.2.0	7.2.12
fortinet / fortiproxy	7.4.0	7.4.6
fortinet / fortirecorder	7.0.0	7.0.5
fortinet / fortivoice	6.0.0	6.4.10.x
fortinet / fortivoice	7.0.0	7.0.5.x
fortinet / fortiweb	6.4.0	7.4.5
fortinet / fortios	7.2.0	7.2.10

https://fortiguard.fortinet.com/psirt/FG-IR-24-259

Vulnerability Database

289,782

CVE-2024-48884