CVE-2024-40588

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-309	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:fortinet:fortindr::::::::
	cpe:2.3:a:fortinet:fortindr::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::

Configuration 5 (hide)

OR	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::

History

No history.

Information

Published : 2025-08-12 19:15

Updated : 2026-01-14 10:16

NVD link : CVE-2024-40588

Mitre link : CVE-2024-40588

CVE.ORG link : CVE-2024-40588

JSON object : View

Products Affected

fortinet

fortirecorder
forticamera_firmware
fortindr
fortimail
forticamera
fortivoice

CWE

CWE-23

Relative Path Traversal

{"id": "CVE-2024-40588", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2025-08-12T19:15:27.397", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests."}, {"lang": "es", "value": "Varias vulnerabilidades de path traversal relativa [CWE-23] en Fortinet FortiMail versi\u00f3n 7.6.0 a 7.6.1 y anteriores a 7.4.3, FortiVoice versi\u00f3n 7.0.0 a 7.0.5 y anteriores a 7.4.9, FortiRecorder versi\u00f3n 7.2.0 a 7.2.1 y anteriores a 7.0.4, FortiCamera y FortiNDR versi\u00f3n 7.6.0 y anteriores a 7.4.6 pueden permitir que un atacante privilegiado lea archivos del sistema de archivos subyacente a trav\u00e9s de solicitudes CLI manipuladas."}], "lastModified": "2026-01-14T10:16:02.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92731966-B8E2-4AE4-8BC0-FA65DBE33D98", "versionEndIncluding": "2.1.4", "versionStartIncluding": "2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CFB863FD-5593-4620-8740-4EB692EA58E1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D685B2E-54A0-4D38-B93C-752632C1290A", "versionEndExcluding": "7.4.4", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F48F8EA0-53FE-41F3-8C6E-169B8CE6FBD7", "versionEndExcluding": "7.6.2", "versionStartIncluding": "7.6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C702F2-89AB-43EA-99AD-BDA2ADE8AB6B", "versionEndExcluding": "7.4.7", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D2E2C35-DCD7-45AA-B70D-A92FA186285C", "versionEndExcluding": "7.6.2", "versionStartIncluding": "7.6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "152C9FCA-912A-4CE5-A3F7-3F3DE0F2825C", "versionEndExcluding": "7.0.5", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0B0D078-2F52-46B4-B9C0-162447828E1B", "versionEndExcluding": "7.2.2", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC0CF97D-D86C-4D83-B787-1E251FE73995", "versionEndExcluding": "6.4.10", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C22B8401-8893-474D-AB9E-42C3F2EF79CE", "versionEndExcluding": "7.0.5", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}