CVE-2024-36508 in FortiManagerinfo

Summary

by MITRE • 02/11/2025

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/24/2025

This vulnerability represents a critical path traversal flaw that affects Fortinet FortiManager and FortiAnalyzer products across specific version ranges. The issue stems from inadequate input validation in the command line interface where authenticated administrators with diagnose privileges can exploit improper path limitation mechanisms. The vulnerability is categorized under CWE-22 which specifically addresses path traversal vulnerabilities that allow attackers to access files and directories outside the intended restricted path. This weakness enables malicious actors to manipulate file system operations through carefully crafted commands that bypass normal access controls.

The technical exploitation of this vulnerability occurs within the command line interface of Fortinet security appliances where authenticated users with diagnose permissions can craft commands that traverse directory structures beyond the intended boundaries. When the system processes these malformed commands, it fails to properly validate or sanitize the file paths, allowing arbitrary file deletion operations to execute against the underlying operating system. This flaw essentially provides an attacker with the ability to delete critical system files, configuration data, or other sensitive information stored on the device.

The operational impact of this vulnerability extends beyond simple file deletion capabilities and represents a significant threat to system integrity and availability. An authenticated attacker with diagnose privileges can potentially compromise the entire security appliance by removing critical components such as system binaries, configuration files, or log data that would be required for proper operation. This could lead to complete system compromise, service disruption, and potential data loss that would require extensive recovery procedures including full system reinstallation and reconfiguration. The vulnerability particularly affects organizations that rely on these security appliances for network monitoring and management, as the compromise of such systems could severely impact their overall security posture.

Organizations should immediately implement mitigations including applying the latest firmware updates from Fortinet that address this specific path traversal vulnerability. The affected versions include FortiManager 7.4.0 through 7.4.2 and FortiAnalyzer 7.4.0 through 7.4.2, with the patched versions being FortiManager 7.2.5 and FortiAnalyzer 7.2.5 respectively. Additionally, administrators should review and restrict the diagnose privileges assigned to users, implementing the principle of least privilege to ensure only essential personnel have access to these elevated capabilities. Network segmentation and monitoring of CLI activity should also be enhanced to detect suspicious file operations that might indicate exploitation attempts. This vulnerability aligns with ATT&CK technique T1059.001 for command and scripting interpreter and T1485 for data destruction, making it particularly concerning for organizations following cybersecurity frameworks that emphasize both defensive measures and incident response capabilities.

Responsible

Fortinet

Reservation

05/29/2024

Disclosure

02/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00224

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!