COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-48885

CVE-2024-48885

Severity
medium
Source
NVD · cve
Published
2025-01-16
CVSS
5.3
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-48885
shame 20/100

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7

Players implicated

Fortinet · vendorfortirecorder · productfortivoice · productfortiweb · product

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.