CVE-2024-35274

Relative Path Traversal (CWE-23)

Published: Nov 12, 2024 / Updated: 7d ago

CVSS 2.3 / EPSS 0.04% / Low

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-35274

Nov 12, 2024 at 7:15 PM
CVSS

A CVSS base score of 2.3 has been assigned.

Nov 12, 2024 at 7:21 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-35274. See article

Nov 12, 2024 at 7:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 12, 2024 at 7:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.1%)

Nov 13, 2024 at 5:07 PM

Affected Systems

Fortinet/fortianalyzer_firmware

Attack Patterns

CAPEC-139: Relative Path Traversal

News

Unauthorized file creation in FortiManager
The vulnerability allows a local user to create files in an arbitrary directory. This security bulletin contains one low risk vulnerability.
Unauthorized file creation in FortiAnalyzer
The vulnerability allows a local user to create files in an arbitrary directory. This security bulletin contains one low risk vulnerability.
NA - CVE-2024-35274 - An improper limitation of a pathname to a...
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions...
CVE-2024-35274
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI...
CVE-2024-35274 | Fortinet FortiAnalyzer/FortiManager up to 6.2.13/6.4.15/7.0.13/7.2.8/7.4.2 CLI Request path traversal (FG-IR-24-179)
A vulnerability was found in Fortinet FortiAnalyzer and FortiManager up to 6.2.13/6.4.15/7.0.13/7.2.8/7.4.2 . It has been classified as problematic . Affected is an unknown function of the component CLI Request Handler . The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2024-35274 . Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None
