CVE-2024-40588

Medium CVSS 4.4

Overview

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

CWE: CWE-23 Published: 2025-08-12T19:15:27.397

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.4 (MEDIUM)
Detected tags: arb_read, path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags