
Cloud Vulnerability DB
Eine von der Community geführte Datenbank für Schwachstellen
Multiple relative path traversal vulnerabilities [CWE-23] were discovered in various Fortinet products including FortiMail, FortiVoice, FortiRecorder, FortiCamera & FortiNDR. The vulnerability was assigned CVE-2024-40588 and was discovered internally by Théo Leleu of the Fortinet Product Security team. The issue was initially published on August 12, 2025, with an update following on August 13, 2025 (Fortinet PSIRT).
The vulnerability allows a privileged attacker to read files from the underlying filesystem via crafted CLI requests. The issue has been classified with a CVSSv3 Score of 4.2 (Medium severity) and primarily impacts the CLI component of affected systems. The vulnerability is characterized as an improper access control issue (Fortinet PSIRT).
The vulnerability enables unauthorized file reading from the underlying filesystem, potentially exposing sensitive system information to privileged attackers. This improper access control vulnerability could lead to information disclosure and potential system compromise (Fortinet PSIRT).
Fortinet has released various fixes for affected products: FortiMail users should upgrade to version 7.6.2 or above (for 7.6.x branch) or 7.4.4 or above (for 7.4.x branch). FortiNDR users should upgrade to version 7.6.2 or above (for 7.6.x branch) or 7.4.7 or above (for 7.4.x branch). FortiRecorder users should upgrade to version 7.2.2 or above (for 7.2.x branch) or 7.0.5 or above (for 7.0.x branch). FortiVoice users should upgrade to version 7.0.5 or above (for 7.0.x branch) or 6.4.10 or above (for 6.4.x branch) (Fortinet PSIRT).
Quelle: Dieser Bericht wurde mithilfe von KI erstellt
Kostenlose Schwachstellenbewertung
Bewerten Sie Ihre Cloud-Sicherheitspraktiken in 9 Sicherheitsbereichen, um Ihr Risikoniveau zu bewerten und Lücken in Ihren Abwehrmaßnahmen zu identifizieren.
Eine personalisierte Demo anfordern
"Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads."
"„Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.“ "
"„Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch wirklich kritisch ist.“"