CVE-2024-48884
Published: 14 January 2025
Description
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files, or a remote unauthenticated attacker to delete an arbitrary folder.
Security Summary
CVE-2024-48884 is a path traversal vulnerability (CWE-22) stemming from improper limitation of a pathname to a restricted directory. It affects Fortinet FortiManager versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, and 6.4.0 through 6.4.15, as well as FortiProxy versions 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, and all versions of 2.0, 1.2, 1.1, and 1.0.
A remote authenticated attacker with access to the security fabric interface and port can exploit this vulnerability to write arbitrary files, while a remote unauthenticated attacker can delete an arbitrary folder. The CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting network accessibility, low attack complexity, no privileges required, and high availability impact.
Mitigation details are provided in the Fortinet PSIRT advisory FG-IR-24-259, available at https://fortiguard.fortinet.com/psirt/FG-IR-24-259.
Details
- CWE(s)