cvelistv5 - cve-2024-32117

cve-2024-32117

Vulnerability from cvelistv5

Published

2024-11-12 18:53

Modified

2024-11-12 20:28

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RC:C

EPSS score ?

0.05% (0.12547)

Summary

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-115	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Fortinet

FortiManager

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.5
Version: 7.0.0   ≤ 7.0.13
Version: 6.4.0   ≤ 6.4.15
Version: 6.2.0   ≤ 6.2.13
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*

Fortinet

FortiAnalyzer

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.5
Version: 7.0.0   ≤ 7.0.13
Version: 6.4.0   ≤ 6.4.15
Version: 6.2.0   ≤ 6.2.13
    cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-32117",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-12T20:28:37.757904Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-12T20:28:55.063Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "FortiManager",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.4.2",
                     status: "affected",
                     version: "7.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.5",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.13",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.4.15",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.2.13",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "FortiAnalyzer",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.4.2",
                     status: "affected",
                     version: "7.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.5",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.13",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.4.15",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.2.13",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "Information disclosure",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-12T18:53:50.491Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-115",
               url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-115",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2024-32117",
      datePublished: "2024-11-12T18:53:50.491Z",
      dateReserved: "2024-04-11T12:09:46.570Z",
      dateUpdated: "2024-11-12T20:28:55.063Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-32117\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2024-11-12T19:15:09.073\",\"lastModified\":\"2025-01-21T22:19:39.353\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de limitación incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal') [CWE-22] en Fortinet FortiManager versión 7.4.0 a 7.4.2 y anteriores 7.2.5, FortiAnalyzer versión 7.4.0 a 7.4.2 y anteriores 7.2.5 y FortiAnalyzer-BigData versión 7.4.0 y anteriores 7.2.7 permite a un atacante privilegiado leer archivos arbitrarios del sistema subyacente a través de solicitudes HTTP o HTTPS manipuladas. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"FF6CA5B2-29DE-4FB3-8D7D-D248A593AB79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"AF309EFD-1770-44AF-B192-3D9816F792CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.1\",\"versionEndExcluding\":\"7.2.8\",\"matchCriteriaId\":\"1A9C272F-2E14-4BC3-B3A3-1EF4E93BDBFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80598594-A45A-4E69-B968-1DD3DBD30FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"7.2.6\",\"matchCriteriaId\":\"A3F113AF-AA71-466D-9841-15A5243ECFF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.3\",\"matchCriteriaId\":\"E4490512-36ED-4212-9D34-D74739A56E84\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-115\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32117\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-12T20:28:37.757904Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-12T20:28:46.648Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiManager\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.13\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiAnalyzer\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.13\"}, {\"status\": \"affected\", \"version\": \"6.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.4.15\"}, {\"status\": \"affected\", \"version\": \"6.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.13\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiManager version 7.4.3 or above \\nPlease upgrade to FortiManager version 7.2.6 or above \\nPlease upgrade to FortiAnalyzer version 7.4.3 or above \\nPlease upgrade to FortiAnalyzer version 7.2.6 or above \\nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above \\nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-115\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-115\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2024-11-12T18:53:50.491Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-32117\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-12T20:28:55.063Z\", \"dateReserved\": \"2024-04-11T12:09:46.570Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2024-11-12T18:53:50.491Z\", \"assignerShortName\": \"fortinet\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

ghsa-6f8g-mwg3-32f9

Vulnerability from github

Published

2024-11-12 21:30

Modified

2024-11-12 21:30

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2024-32117",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-22",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-11-12T19:15:09Z",
      severity: "MODERATE",
   },
   details: "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.",
   id: "GHSA-6f8g-mwg3-32f9",
   modified: "2024-11-12T21:30:52Z",
   published: "2024-11-12T21:30:52Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32117",
      },
      {
         type: "WEB",
         url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-115",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
         type: "CVSS_V3",
      },
   ],
}

gsd-2024-32117

Vulnerability from gsd

Modified

2024-04-12 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-32117

JSON

To clipboard

{
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2024-32117",
         ],
         id: "GSD-2024-32117",
         modified: "2024-04-12T05:02:22.161416Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2024-32117",
            STATE: "RESERVED",
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
               },
            ],
         },
      },
   },
}

wid-sec-w-2024-3447

Vulnerability from csaf_certbund

Published

2024-11-12 23:00

Modified

2024-11-12 23:00

Summary

Fortinet FortiAnalyzer: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung. FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen und Dateien zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung.\r\nFortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen und Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3447 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3447.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3447 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3447",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-267 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-267",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-396 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-396",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-098 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-098",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-099 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-099",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-115 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-115",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-116 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-116",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-125 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-125",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-179 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-179",
         },
      ],
      source_lang: "en-US",
      title: "Fortinet FortiAnalyzer: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-11-12T23:00:00.000+00:00",
         generator: {
            date: "2024-11-13T12:16:11.658+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-3447",
         initial_release_date: "2024-11-12T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-12T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.4.3",
                           product_id: "T039035",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.4.3",
                           product_id: "T039035-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.6",
                           product_id: "T039036",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.6",
                           product_id: "T039036-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.2.6",
                           product_id: "T039038",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.2.6",
                           product_id: "T039038-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.0.13",
                           product_id: "T039039",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.0.13",
                           product_id: "T039039-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer <6.4.15",
                           product_id: "T039040",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer 6.4.15",
                           product_id: "T039040-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.4.1",
                           product_id: "T039041",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.4.1",
                           product_id: "T039041-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.4.1",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.7",
                           product_id: "T039042",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.7",
                           product_id: "T039042-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.7",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.8",
                           product_id: "T039046",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.8",
                           product_id: "T039046-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.8",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.4.3",
                           product_id: "T039047",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.4.3",
                           product_id: "T039047-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.2.7",
                           product_id: "T039048",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.2.7",
                           product_id: "T039048-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.2.7",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiAnalyzer",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiManager <7.4.3",
                           product_id: "T039037",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiManager 7.4.3",
                           product_id: "T039037-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiManager <7.2.6",
                           product_id: "T039043",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiManager 7.2.6",
                           product_id: "T039043-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiManager <7.0.13",
                           product_id: "T039044",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiManager 7.0.13",
                           product_id: "T039044-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiManager <6.4.15",
                           product_id: "T039045",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiManager 6.4.15",
                           product_id: "T039045-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.4.3",
                           product_id: "T039049",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.4.3",
                           product_id: "T039049-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.2.6",
                           product_id: "T039050",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.2.6",
                           product_id: "T039050-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.2.6",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiManager",
               },
            ],
            category: "vendor",
            name: "Fortinet",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-44255",
         notes: [
            {
               category: "description",
               text: "In Fortinet FortiAnalyzer und Fortinet FortiManager besteht eine Schwachstelle. Die Sicherheitslücke ist auf eine fehlerhafte Zugriffskontrolle zurückzuführen, die zur Offenlegung personenbezogener Daten führt. Ein authentisierter Angreifer mit administrativen Leserechten kann diese Schwachstelle ausnutzen, um Ereignisprotokolle von einem anderen ADOM zu lesen, indem er bestimmte HTTP- oder HTTPS-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2023-44255",
      },
      {
         cve: "CVE-2024-23666",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus einer clientseitigen Durchsetzung von serverseitigen Sicherheitsproblemen. Ein authentisierter Angreifer mit Nur-Lese-Zugriff kann diese Schwachstelle ausnutzen, um erhöhte Berechtigungen zu erlangen und nicht autorisierte, sensible Operationen durchzuführen, indem er speziell gestaltete Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-23666",
      },
      {
         cve: "CVE-2024-31496",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Stack-Based Buffer Overflow-Problems im CLI. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Befehle über die CLI beliebigen Code auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-31496",
      },
      {
         cve: "CVE-2024-32116",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus mehreren relativen Pfadtraversalproblemen. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem unterliegenden Dateisystem durch speziell gestaltete CLI-Anfragen zu löschen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32116",
      },
      {
         cve: "CVE-2024-32118",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle wird durch die unsachgemäße Neutralisierung bestimmter Elemente verursacht, was zu einem OS-Injection-Problem führt. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er bestimmte CLI-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32118",
      },
      {
         cve: "CVE-2024-33505",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Heap-basierten Pufferüberlaufproblems.Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erhöhte Privilegien zu erlangen und beliebigen Code oder Befehle als Benutzer mit eingeschränkten Privilegien auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039045",
               "T039044",
               "T039050",
               "T039040",
               "T039039",
               "T039047",
               "T039035",
               "T039038",
               "T039049",
               "T039037",
               "T039048",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-33505",
      },
      {
         cve: "CVE-2024-35274",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Sicherheitslücke besteht aufgrund einer fehlerhaften Dateipfadbeschränkung, die eingeschränkte Directories nicht ausreichend durchsetzt. Ein lokaler Angreifer mit Administratorzugriff kann diese Schwachstelle ausnutzen, um über manipulierte CLI-Anfragen Dateien in bestimmten Directories zu erstellen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-35274",
      },
      {
         cve: "CVE-2024-32117",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle ist auf ein Path-Traversal-Problem zurückzuführen, das dazu führt, dass Einschränkungen für Directories nicht korrekt durchgesetzt werden. Ein authentisierter Angreifer mit privilegiertem Zugriff kann diese Schwachstelle ausnutzen, um beliebige Dateien aus dem unterliegenden System zu lesen, indem er manipulierte HTTP- oder HTTPS-Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32117",
      },
   ],
}

WID-SEC-W-2024-3447

Vulnerability from csaf_certbund

Published

2024-11-12 23:00

Modified

2024-11-12 23:00

Summary

Fortinet FortiAnalyzer: Mehrere Schwachstellen

Notes

Produktbeschreibung

FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung. FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.

Angriff

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "FortiAnalyzer ist eine Plattform zur Protokollverwaltung, Analyse und Berichterstellung.\r\nFortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiAnalyzer und Fortinet FortiManager ausnutzen, um vertrauliche Informationen preiszugeben, erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen und Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3447 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3447.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3447 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3447",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-267 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-267",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-23-396 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-23-396",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-098 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-098",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-099 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-099",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-115 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-115",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-116 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-116",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-125 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-125",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-179 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-179",
         },
      ],
      source_lang: "en-US",
      title: "Fortinet FortiAnalyzer: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-11-12T23:00:00.000+00:00",
         generator: {
            date: "2024-11-13T12:16:11.658+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-3447",
         initial_release_date: "2024-11-12T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-12T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.4.3",
                           product_id: "T039035",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.4.3",
                           product_id: "T039035-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.6",
                           product_id: "T039036",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.6",
                           product_id: "T039036-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.2.6",
                           product_id: "T039038",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.2.6",
                           product_id: "T039038-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer <7.0.13",
                           product_id: "T039039",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiAnalyzer 7.0.13",
                           product_id: "T039039-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer <6.4.15",
                           product_id: "T039040",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiAnalyzer 6.4.15",
                           product_id: "T039040-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.4.1",
                           product_id: "T039041",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.4.1",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.4.1",
                           product_id: "T039041-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.4.1",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.7",
                           product_id: "T039042",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.7",
                           product_id: "T039042-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.7",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "BigData <7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData <7.2.8",
                           product_id: "T039046",
                        },
                     },
                     {
                        category: "product_version",
                        name: "BigData 7.2.8",
                        product: {
                           name: "Fortinet FortiAnalyzer BigData 7.2.8",
                           product_id: "T039046-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:bigdata__7.2.8",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.4.3",
                           product_id: "T039047",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.4.3",
                           product_id: "T039047-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud <7.2.7",
                           product_id: "T039048",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.7",
                        product: {
                           name: "Fortinet FortiAnalyzer Cloud 7.2.7",
                           product_id: "T039048-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortianalyzer:cloud__7.2.7",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiAnalyzer",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiManager <7.4.3",
                           product_id: "T039037",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiManager 7.4.3",
                           product_id: "T039037-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.6",
                        product: {
                           name: "Fortinet FortiManager <7.2.6",
                           product_id: "T039043",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.6",
                        product: {
                           name: "Fortinet FortiManager 7.2.6",
                           product_id: "T039043-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.2.6",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.13",
                        product: {
                           name: "Fortinet FortiManager <7.0.13",
                           product_id: "T039044",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.13",
                        product: {
                           name: "Fortinet FortiManager 7.0.13",
                           product_id: "T039044-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.0.13",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiManager <6.4.15",
                           product_id: "T039045",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiManager 6.4.15",
                           product_id: "T039045-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:6.4.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.4.3",
                           product_id: "T039049",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.4.3",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.4.3",
                           product_id: "T039049-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Cloud <7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud <7.2.6",
                           product_id: "T039050",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Cloud 7.2.6",
                        product: {
                           name: "Fortinet FortiManager Cloud 7.2.6",
                           product_id: "T039050-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:cloud__7.2.6",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiManager",
               },
            ],
            category: "vendor",
            name: "Fortinet",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-44255",
         notes: [
            {
               category: "description",
               text: "In Fortinet FortiAnalyzer und Fortinet FortiManager besteht eine Schwachstelle. Die Sicherheitslücke ist auf eine fehlerhafte Zugriffskontrolle zurückzuführen, die zur Offenlegung personenbezogener Daten führt. Ein authentisierter Angreifer mit administrativen Leserechten kann diese Schwachstelle ausnutzen, um Ereignisprotokolle von einem anderen ADOM zu lesen, indem er bestimmte HTTP- oder HTTPS-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2023-44255",
      },
      {
         cve: "CVE-2024-23666",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus einer clientseitigen Durchsetzung von serverseitigen Sicherheitsproblemen. Ein authentisierter Angreifer mit Nur-Lese-Zugriff kann diese Schwachstelle ausnutzen, um erhöhte Berechtigungen zu erlangen und nicht autorisierte, sensible Operationen durchzuführen, indem er speziell gestaltete Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-23666",
      },
      {
         cve: "CVE-2024-31496",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Stack-Based Buffer Overflow-Problems im CLI. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um durch speziell gestaltete Befehle über die CLI beliebigen Code auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-31496",
      },
      {
         cve: "CVE-2024-32116",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle resultiert aus mehreren relativen Pfadtraversalproblemen. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem unterliegenden Dateisystem durch speziell gestaltete CLI-Anfragen zu löschen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32116",
      },
      {
         cve: "CVE-2024-32118",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle wird durch die unsachgemäße Neutralisierung bestimmter Elemente verursacht, was zu einem OS-Injection-Problem führt. Ein lokaler Angreifer mit erweiterten Rechten kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er bestimmte CLI-Anfragen erstellt.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32118",
      },
      {
         cve: "CVE-2024-33505",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager aufgrund eines Heap-basierten Pufferüberlaufproblems.Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um erhöhte Privilegien zu erlangen und beliebigen Code oder Befehle als Benutzer mit eingeschränkten Privilegien auszuführen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039045",
               "T039044",
               "T039050",
               "T039040",
               "T039039",
               "T039047",
               "T039035",
               "T039038",
               "T039049",
               "T039037",
               "T039048",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-33505",
      },
      {
         cve: "CVE-2024-35274",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Sicherheitslücke besteht aufgrund einer fehlerhaften Dateipfadbeschränkung, die eingeschränkte Directories nicht ausreichend durchsetzt. Ein lokaler Angreifer mit Administratorzugriff kann diese Schwachstelle ausnutzen, um über manipulierte CLI-Anfragen Dateien in bestimmten Directories zu erstellen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039046",
               "T039035",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-35274",
      },
      {
         cve: "CVE-2024-32117",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiAnalyzer und Fortinet FortiManager. Die Schwachstelle ist auf ein Path-Traversal-Problem zurückzuführen, das dazu führt, dass Einschränkungen für Directories nicht korrekt durchgesetzt werden. Ein authentisierter Angreifer mit privilegiertem Zugriff kann diese Schwachstelle ausnutzen, um beliebige Dateien aus dem unterliegenden System zu lesen, indem er manipulierte HTTP- oder HTTPS-Anfragen sendet.",
            },
         ],
         product_status: {
            known_affected: [
               "T039043",
               "T039042",
               "T039045",
               "T039044",
               "T039041",
               "T039040",
               "T039039",
               "T039036",
               "T039035",
               "T039046",
               "T039038",
               "T039037",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-32117",
      },
   ],
}

fkie_cve-2024-32117

Vulnerability from fkie_nvd

Published

2024-11-12 19:15

Modified

2025-01-21 22:19

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

▼	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-115	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortianalyzer	*
fortinet	fortianalyzer	*
fortinet	fortianalyzer_big_data	*
fortinet	fortianalyzer_big_data	7.4.0
fortinet	fortimanager	*
fortinet	fortimanager	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF6CA5B2-29DE-4FB3-8D7D-D248A593AB79",
                     versionEndExcluding: "7.2.6",
                     versionStartIncluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF309EFD-1770-44AF-B192-3D9816F792CB",
                     versionEndExcluding: "7.4.3",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A9C272F-2E14-4BC3-B3A3-1EF4E93BDBFF",
                     versionEndExcluding: "7.2.8",
                     versionStartIncluding: "6.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "80598594-A45A-4E69-B968-1DD3DBD30FF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3F113AF-AA71-466D-9841-15A5243ECFF0",
                     versionEndExcluding: "7.2.6",
                     versionStartIncluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4490512-36ED-4212-9D34-D74739A56E84",
                     versionEndExcluding: "7.4.3",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de limitación incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal') [CWE-22] en Fortinet FortiManager versión 7.4.0 a 7.4.2 y anteriores 7.2.5, FortiAnalyzer versión 7.4.0 a 7.4.2 y anteriores 7.2.5 y FortiAnalyzer-BigData versión 7.4.0 y anteriores 7.2.7 permite a un atacante privilegiado leer archivos arbitrarios del sistema subyacente a través de solicitudes HTTP o HTTPS manipuladas. ",
      },
   ],
   id: "CVE-2024-32117",
   lastModified: "2025-01-21T22:19:39.353",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "psirt@fortinet.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-11-12T19:15:09.073",
   references: [
      {
         source: "psirt@fortinet.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-115",
      },
   ],
   sourceIdentifier: "psirt@fortinet.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "psirt@fortinet.com",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-32117

Vulnerability from cvelistv5

ghsa-6f8g-mwg3-32f9

Vulnerability from github

gsd-2024-32117

Vulnerability from gsd

wid-sec-w-2024-3447

Vulnerability from csaf_certbund

WID-SEC-W-2024-3447

Vulnerability from csaf_certbund

fkie_cve-2024-32117

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature