CVE-2024-48885

CVE Database · CVE-2024-48885

CVE-2024-48885

· MEDIUMModified

CVSS v3.1

5.3

EPSS

0.77%

Published

Jan 16, 2025

Modified

Jan 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-22

Affected Products (6)

fortinet · fortirecorder (up to 7.0.5)vulnerable

fortinet · fortirecorder (up to 7.2.2)vulnerable

fortinet · fortivoicevulnerable

fortinet · fortiweb (up to 7.4.5)vulnerable

fortinet · fortiwebvulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-259

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs