#VU102875 Path traversal in FortiManager - CVE-2024-48885

Cybersecurity Help s.r.o.

Published: 2025-01-16

Vulnerability identifier: #VU102875

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-48885

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FortiManager
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to delete arbitrary files on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences within the csfd daemon. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FortiManager: 7.4.0 - 7.4.3, 7.6.0 - 7.6.1

External links
https://www.fortiguard.com/psirt/FG-IR-24-259

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple path traversal vulnerabilities in FortiWeb

Multiple path traversal vulnerabilities in FortiVoice

Multiple path traversal vulnerabilities in FortiRecorder

Multiple path traversal vulnerabilities in FortiProxy

Multiple path traversal vulnerabilities in FortiOS

Multiple path traversal vulnerabilities in FortiManager