4.4
CVE-2024-40588
- EPSS 0.02%
- Published 12.08.2025 18:59:11
- Last modified 14.08.2025 01:14:41
- Source psirt@fortinet.com
- Teams watchlist Login
- Open Login
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Forticamera Firmware Version >= 2.0.0 <= 2.1.4
Fortinet ≫ Fortirecorder Version >= 6.4.0 < 7.0.5
Fortinet ≫ Fortirecorder Version >= 7.2.0 < 7.2.2
Fortinet ≫ Fortivoice Version >= 6.0.0 < 6.4.10
Fortinet ≫ Fortivoice Version >= 7.0.0 < 7.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.036 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@fortinet.com | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-23 Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.