CVE-2024-36512

Summary

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager7.4.0 <= 7.4.3affected
FortinetFortiManager7.2.0 <= 7.2.5affected
FortinetFortiManager7.0.2 <= 7.0.12affected
FortinetFortiManager6.2.10 <= 6.2.13affected
FortinetFortiAnalyzer7.4.0 <= 7.4.3affected
FortinetFortiAnalyzer7.2.0 <= 7.2.5affected
FortinetFortiAnalyzer7.0.2 <= 7.0.12affected
FortinetFortiAnalyzer6.2.10 <= 6.2.13affected

Weaknesses

  • CWE-22: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References