CVE-2024-48885: 
FortiOS vulnerability analysis and mitigation

A path traversal vulnerability (CVE-2024-48885) was discovered in multiple Fortinet products, including FortiManager, FortiOS, FortiProxy, FortiRecorder, FortiVoice, and FortiWeb. The vulnerability was internally discovered by Gwendal Guégniaud of Fortinet Product Security Team and initially disclosed on January 14, 2025. This security flaw allows a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files, and a remote unauthenticated attacker with the same network access to delete an arbitrary folder (Fortinet Advisory).

The vulnerability is classified as an improper limitation of a pathname to a restricted directory vulnerability (CWE-22). It received a CVSS v3.1 base score of 9.1 (Critical) from NIST NVD with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, while Fortinet assigned it a CVSS score of 5.3 (Medium) with vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to privilege escalation through specially crafted packets. The impact primarily affects system integrity and availability, with no direct impact on confidentiality according to the CVSS metrics. The vulnerability allows attackers to write arbitrary files and delete arbitrary folders, potentially causing significant system disruption (Fortinet Advisory).

Fortinet has released patches for affected products and versions. Users are advised to upgrade to the following versions: FortiManager to 7.6.2 or 7.4.4, FortiOS to 7.6.1, 7.4.5, 7.2.10, or 7.0.16, FortiProxy to 7.4.6, 7.2.12, or 7.0.19, FortiRecorder to 7.2.2 or 7.0.5, FortiVoice to 7.0.5 or 6.4.10, and FortiWeb to 7.6.1 or 7.4.5. As a temporary workaround, users can disable the security fabric using the command 'config system csf set status disable' or remove fabric from system interface configuration (Fortinet Advisory).