CVE-2024-48884

CVSSv4: NA | CVSSv3: 9.1 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.00072 | KEV: Not Included
Published: 14/01/2025 Updated: 03/02/2025

Vulnerability Summary

Path Traversal in Fortinet FortiManager and FortiProxy Enabling Privilege Escalation

A path traversal vulnerability exists in multiple Fortinet products, including FortiManager, FortiOS, FortiProxy, and FortiManager Cloud, across release series from version 1.0.0 up to 7.6.1. An attacker can exploit this weakness through specially crafted packets to potentially escalate privileges on the affected systems. Affected versions include FortiManager 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3; FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, and 6.4.0 through 6.4.15; FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7; and FortiManager Cloud 7.4.1 through 7.4.3.

Solution

Please upgrade to FortiRecorder version 7.2.2 or above
Please upgrade to FortiRecorder version 7.0.5 or above
Please upgrade to FortiProxy version 7.4.6 or above
Please upgrade to FortiProxy version 7.2.12 or above
Please upgrade to FortiProxy version 7.0.19 or above
Please upgrade to FortiAuthenticator version 7.0.0 or above
Please upgrade to FortiWeb version 7.6.1 or above
Please upgrade to FortiWeb version 7.4.5 or above
Please upgrade to FortiOS version 7.6.1 or above
Please upgrade to FortiOS version 7.4.5 or above
Please upgrade to FortiOS version 7.2.10 or above
Please upgrade to FortiOS version 7.0.16 or above
Please upgrade to FortiManager version 7.6.2 or above
Please upgrade to FortiManager version 7.4.4 or above
Please upgrade to FortiVoice version 7.2.0 or above
Please upgrade to FortiVoice version 7.0.5 or above
Please upgrade to FortiVoice version 6.4.10 or above
Please upgrade to FortiManager Cloud version 7.4.4 or above

Vulnerable Product

fortinet fortimanager 7.6.1

fortinet fortimanager 7.6.0

fortinet fortimanager 7.4.3

fortinet fortimanager 7.4.2

fortinet fortimanager 7.4.1

fortinet fortios 7.6.0

fortinet fortios 7.4.4

fortinet fortios 7.4.3

fortinet fortios 7.4.2

fortinet fortios 7.4.1

fortinet fortios 7.4.0

fortinet fortios 7.2.9

fortinet fortios 7.2.8

fortinet fortios 7.2.7

fortinet fortios 7.2.6

fortinet fortios 7.2.5

fortinet fortios 7.2.4

fortinet fortios 7.2.3

fortinet fortios 7.2.2

fortinet fortios 7.2.1

fortinet fortios 7.2.0

fortinet fortios 7.0.15

fortinet fortios 7.0.14

fortinet fortios 7.0.13

fortinet fortios 7.0.12

fortinet fortios 7.0.11

fortinet fortios 7.0.10

fortinet fortios 7.0.9

fortinet fortios 7.0.8

fortinet fortios 7.0.7

fortinet fortios 7.0.6

fortinet fortios 7.0.5

fortinet fortios 7.0.4

fortinet fortios 7.0.3

fortinet fortios 7.0.2

fortinet fortios 7.0.1

fortinet fortios 7.0.0

fortinet fortios 6.4.15

fortinet fortios 6.4.14

fortinet fortios 6.4.13

fortinet fortios 6.4.12

fortinet fortios 6.4.11

fortinet fortios 6.4.10

fortinet fortios 6.4.9

fortinet fortios 6.4.8

fortinet fortios 6.4.7

fortinet fortios 6.4.6

fortinet fortios 6.4.5

fortinet fortios 6.4.4

fortinet fortios 6.4.3

fortinet fortios 6.4.2

fortinet fortios 6.4.1

fortinet fortios 6.4.0

fortinet fortimanager

fortinet fortios

fortinet fortiproxy

fortinet fortimanager cloud

fortinet fortirecorder

fortinet fortivoice

fortinet fortiweb

fortinet fortiweb 7.6.0