CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-48885
https://notcve.org/view.php?id=CVE-2024-48885
16 Jan 2025 — A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets. • https://fortiguard.fortinet.com/psirt/FG-IR-24-259 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46664
https://notcve.org/view.php?id=CVE-2024-46664
14 Jan 2025 — A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-310 • CWE-23: Relative Path Traversal •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47566
https://notcve.org/view.php?id=CVE-2024-47566
14 Jan 2025 — A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-401 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56497
https://notcve.org/view.php?id=CVE-2024-56497
14 Jan 2025 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI. • https://fortiguard.fortinet.com/psirt/FG-IR-23-170 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •