An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-24-115 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Jan 2025, 22:19
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
| First Time |
Fortinet fortimanager
Fortinet fortianalyzer Big Data Fortinet Fortinet fortianalyzer |
|
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-115 - Vendor Advisory |
12 Nov 2024, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-11-12 19:15
Updated : 2025-01-21 22:19
NVD link : CVE-2024-32117
Mitre link : CVE-2024-32117
JSON object : View
Products Affected
fortinet
- fortianalyzer
- fortianalyzer_big_data
- fortimanager
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')