CVE-2024-35274 Information

Description

An improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2 Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-24-179