CVE-2024-36508
CVE-2024-36508
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
11 Feb 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →