CVE-2024-48885

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.

Published: Jan 16, 2025
Updated: May 4, 2025
CVE: CVE-2024-48885
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	7.6.0	7.6.0.x
fortinet / fortios	6.4.0	7.0.16
fortinet / fortimanager_cloud	7.4.1	7.4.4
fortinet / fortirecorder	7.2.0	7.2.2
fortinet / fortios	7.6.0	7.6.0.x
fortinet / fortios	7.4.0	7.4.5
fortinet / fortimanager	7.6.0	7.6.2
fortinet / fortimanager	7.4.1	7.4.4
fortinet / fortiproxy	7.4.0	7.4.6
fortinet / fortiproxy	7.2.0	7.2.12
fortinet / fortiproxy	1.0.0	7.0.19
fortinet / fortirecorder	7.0.0	7.0.5
fortinet / fortivoice	6.0.0	6.4.10.x
fortinet / fortiweb	6.4.0	7.4.5
fortinet / fortios	7.2.0	7.2.10
fortinet / fortivoice	7.0.0	7.0.5.x

https://fortiguard.fortinet.com/psirt/FG-IR-24-259

Vulnerability Database

289,784

CVE-2024-48885