Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
Fixes

Solution

Please upgrade to FortiRecorder version 7.2.2 or above Please upgrade to FortiRecorder version 7.0.5 or above Please upgrade to FortiNDR version 7.6.1 or above Please upgrade to FortiNDR version 7.4.7 or above Please upgrade to FortiCamera version 2.0.1 or above Please upgrade to FortiFone version 3.0.24 or above Please upgrade to FortiMail version 7.6.2 or above Please upgrade to FortiMail version 7.4.4 or above Please upgrade to FortiVoice version 7.2.0 or above Please upgrade to FortiVoice version 7.0.5 or above Please upgrade to FortiVoice version 6.4.10 or above


Workaround

No workaround given by the vendor.

History

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet forticamera Firmware
Fortinet fortindr
CPEs cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*
Vendors & Products Fortinet forticamera Firmware
Fortinet fortindr

Tue, 12 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Description Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
First Time appeared Fortinet
Fortinet forticamera
Fortinet fortimail
Fortinet fortirecorder
Fortinet fortivoice
Weaknesses CWE-23
CPEs cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet forticamera
Fortinet fortimail
Fortinet fortirecorder
Fortinet fortivoice
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2025-08-12T19:39:38.831Z

Reserved: 2024-07-05T11:55:50.010Z

Link: CVE-2024-40588

cve-icon Vulnrichment

Updated: 2025-08-12T19:38:53.230Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-12T19:15:27.397

Modified: 2025-08-14T01:14:41.250

Link: CVE-2024-40588

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.