CVE-2024-40588

EPSS 0.04%
Veröffentlicht 12.08.2025 18:59:11
Zuletzt bearbeitet 14.01.2026 10:16:02
Quelle psirt@fortinet.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 9 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortinet ≫ Forticamera Firmware Version >= 2.0.0 <= 2.1.4

Fortinet ≫ Forticamera Version-

Fortinet ≫ Fortimail Version >= 6.4.0 < 7.4.4

Fortinet ≫ Fortimail Version >= 7.6.0 < 7.6.2

Fortinet ≫ FortiNDR Version >= 7.0.0 < 7.4.7

Fortinet ≫ FortiNDR Version >= 7.6.0 < 7.6.2

Fortinet ≫ Fortirecorder Version >= 6.4.0 < 7.0.5

Fortinet ≫ Fortirecorder Version >= 7.2.0 < 7.2.2

Fortinet ≫ Fortivoice Version >= 6.0.0 < 6.4.10

Fortinet ≫ Fortivoice Version >= 7.0.0 < 7.0.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@fortinet.com	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://fortiguard.fortinet.com/psirt/FG-IR-24-309

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-40588

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-40588

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-40588

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-40588