CVE-2024-36508

Medium CVSS 6.0

Overview

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system.

CWE: CWE-22 Published: 2025-02-11T17:15:22.393

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.0 (MEDIUM)
Detected tags: path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags