
PEACH
Un framework di isolamento del tenant
Multiple relative path traversal vulnerabilities [CWE-23] were discovered in various Fortinet products including FortiMail, FortiVoice, FortiRecorder, FortiCamera & FortiNDR. The vulnerability was assigned CVE-2024-40588 and was discovered internally by Théo Leleu of the Fortinet Product Security team. The issue was initially published on August 12, 2025, with an update following on August 13, 2025 (Fortinet PSIRT).
The vulnerability allows a privileged attacker to read files from the underlying filesystem via crafted CLI requests. The issue has been classified with a CVSSv3 Score of 4.2 (Medium severity) and primarily impacts the CLI component of affected systems. The vulnerability is characterized as an improper access control issue (Fortinet PSIRT).
The vulnerability enables unauthorized file reading from the underlying filesystem, potentially exposing sensitive system information to privileged attackers. This improper access control vulnerability could lead to information disclosure and potential system compromise (Fortinet PSIRT).
Fortinet has released various fixes for affected products: FortiMail users should upgrade to version 7.6.2 or above (for 7.6.x branch) or 7.4.4 or above (for 7.4.x branch). FortiNDR users should upgrade to version 7.6.2 or above (for 7.6.x branch) or 7.4.7 or above (for 7.4.x branch). FortiRecorder users should upgrade to version 7.2.2 or above (for 7.2.x branch) or 7.0.5 or above (for 7.0.x branch). FortiVoice users should upgrade to version 7.0.5 or above (for 7.0.x branch) or 6.4.10 or above (for 6.4.x branch) (Fortinet PSIRT).
Fonte: Questo report è stato generato utilizzando l'intelligenza artificiale
Valutazione gratuita delle vulnerabilità
Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.
Richiedi una demo personalizzata
"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."