
PEACH
Uma estrutura de isolamento de inquilino
Multiple relative path traversal vulnerabilities [CWE-23] were discovered in various Fortinet products including FortiMail, FortiVoice, FortiRecorder, FortiCamera & FortiNDR. The vulnerability was assigned CVE-2024-40588 and was discovered internally by Théo Leleu of the Fortinet Product Security team. The issue was initially published on August 12, 2025, with an update following on August 13, 2025 (Fortinet PSIRT).
The vulnerability allows a privileged attacker to read files from the underlying filesystem via crafted CLI requests. The issue has been classified with a CVSSv3 Score of 4.2 (Medium severity) and primarily impacts the CLI component of affected systems. The vulnerability is characterized as an improper access control issue (Fortinet PSIRT).
The vulnerability enables unauthorized file reading from the underlying filesystem, potentially exposing sensitive system information to privileged attackers. This improper access control vulnerability could lead to information disclosure and potential system compromise (Fortinet PSIRT).
Fortinet has released various fixes for affected products: FortiMail users should upgrade to version 7.6.2 or above (for 7.6.x branch) or 7.4.4 or above (for 7.4.x branch). FortiNDR users should upgrade to version 7.6.2 or above (for 7.6.x branch) or 7.4.7 or above (for 7.4.x branch). FortiRecorder users should upgrade to version 7.2.2 or above (for 7.2.x branch) or 7.0.5 or above (for 7.0.x branch). FortiVoice users should upgrade to version 7.0.5 or above (for 7.0.x branch) or 6.4.10 or above (for 6.4.x branch) (Fortinet PSIRT).
Origem: Este relatório foi gerado usando IA
Avaliação de vulnerabilidade gratuita
Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.
Marque uma demonstração personalizada
"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."