Description

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

PUBLISHED Reserved 2024-07-05 | Published 2025-08-12 | Updated 2025-08-12 | Assigner fortinet




MEDIUM: 4.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

Problem types

Improper access control

Product status

Default status: unaffected
7.2.0: affected
7.0.0: affected
6.4.0: affected

Default status: unaffected
7.6.0: affected
7.4.0: affected
7.2.0: affected
7.1.0: affected
7.0.0: affected

Default status: unaffected
2.1.0: affected
2.0.0: affected
1.1.0: affected
1.0.3: affected

Default status: unaffected
7.6.0: affected
7.4.0: affected
7.2.0: affected
7.0.0: affected
6.4.0: affected

Default status: unaffected
7.0.0: affected
6.4.0: affected
6.0.0: affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-309

cve.org (CVE-2024-40588)

nvd.nist.gov (CVE-2024-40588)