Details of VAR-202501-2383

ID

VAR-202501-2383

CVE

CVE-2024-48884

TITLE

Path traversal vulnerability in multiple Fortinet products

Trust: 0.8

sources: JVNDB: JVNDB-2024-018118

DESCRIPTION

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets. FortiManager , FortiManager Cloud , FortiProxy There is a path traversal vulnerability in several Fortinet products, including:Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-48884 // JVNDB: JVNDB-2024-018118

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.4.4	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	lt	version:	7.0.5	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.4.1	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.2.12	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.4.6	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.6.2	Trust: 1.0
vendor:	fortinet	model:	fortimanager cloud	scope:	lt	version:	7.4.4	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.4.5	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	lt	version:	7.2.2	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lte	version:	7.0.5	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	7.4.5	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.2.10	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.0.19	Trust: 1.0
vendor:	fortinet	model:	fortirecorder	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.16	Trust: 1.0
vendor:	fortinet	model:	fortimanager cloud	scope:	gte	version:	7.4.1	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.6.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lte	version:	6.4.10	Trust: 1.0
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimanager cloud	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortirecorder	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimanager	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-018118 // NVD: CVE-2024-48884

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2024-48884
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-48884
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-48884
value:	CRITICAL
Trust: 0.8

psirt@fortinet.com:	CVE-2024-48884
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-48884
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2024-48884
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-018118 // NVD: CVE-2024-48884 // NVD: CVE-2024-48884

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-018118 // NVD: CVE-2024-48884

PATCH

title:

FG-IR-24-259

url:

https://fortiguard.fortinet.com/psirt/FG-IR-24-259

Trust: 0.8

sources: JVNDB: JVNDB-2024-018118

EXTERNAL IDS

db:	NVD	id:	CVE-2024-48884	Trust: 2.6
db:	ICS CERT	id:	ICSA-25-044-06	Trust: 0.8
db:	JVN	id:	JVNVU95962757	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-018118	Trust: 0.8

sources: JVNDB: JVNDB-2024-018118 // NVD: CVE-2024-48884

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-24-259	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu95962757/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-48884	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-06	Trust: 0.8

sources: JVNDB: JVNDB-2024-018118 // NVD: CVE-2024-48884

SOURCES

db:	JVNDB	id:	JVNDB-2024-018118
db:	NVD	id:	CVE-2024-48884

LAST UPDATE DATE

2025-02-21T21:42:06.030000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-018118	date:	2025-02-19T08:06:00
db:	NVD	id:	CVE-2024-48884	date:	2025-02-03T22:18:16.507

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-018118	date:	2025-02-05T00:00:00
db:	NVD	id:	CVE-2024-48884	date:	2025-01-14T14:15:32.873