CVE-2024-48884: 
FortiOS vulnerability analysis and mitigation

CVE-2024-48884 is a path traversal vulnerability discovered in multiple Fortinet products including FortiManager, FortiOS, FortiProxy, FortiRecorder, FortiVoice, and FortiWeb. The vulnerability was discovered internally by Fortinet's Product Security Team and was initially published on January 14, 2025. This security flaw affects multiple versions of Fortinet products, with the vulnerability being classified as High severity with a CVSS v3.1 base score of 7.1 (Fortinet Advisory).

The vulnerability is classified as an improper limitation of a pathname to a restricted directory vulnerability (CWE-22). It exists in the csfd daemon of affected Fortinet products. The vulnerability received a CVSS v3.1 base score of 9.1 (Critical) from NIST NVD with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, while Fortinet assigned it a score of 7.5 (High) (NVD).

The vulnerability allows a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files, and a remote unauthenticated attacker with the same network access to delete an arbitrary folder. This can lead to escalation of privilege via specially crafted packets (Fortinet Advisory).

Fortinet has released patches for affected products and recommends upgrading to the fixed versions. For FortiManager 7.6, upgrade to 7.6.2 or above; for FortiOS 7.6, upgrade to 7.6.1 or above. As a workaround, users can disable the security fabric using the command 'config system csf set status disable' or remove fabric from system interface configuration. FortiSASE version 24.3.c has been remediated and requires no action (Fortinet Advisory).