CVE-2024-40588

EUVD-2024-54875

12.08.2025, 19:15

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
fortinet	CNA	4.2 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
fortinet	forticamera_firmware	2.0.0 ≤ 𝑥 ≤ 2.1.4
fortinet	fortimail	6.4.0 ≤ 𝑥 < 7.4.4
fortinet	fortimail	7.6.0 ≤ 𝑥 < 7.6.2
fortinet	fortindr	7.0.0 ≤ 𝑥 < 7.4.7
fortinet	fortindr	7.6.0 ≤ 𝑥 < 7.6.2
fortinet	fortirecorder	6.4.0 ≤ 𝑥 < 7.0.5
fortinet	fortirecorder	7.2.0 ≤ 𝑥 < 7.2.2
fortinet	fortivoice	6.0.0 ≤ 𝑥 < 6.4.10
fortinet	fortivoice	7.0.0 ≤ 𝑥 < 7.0.5

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-23 - Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-309