MEDIUM 5.5
CVE-2024-46664
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
EPSS
0.5%
percentile 67.2%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| fortinet | fortirecorder | iOS | ≥6.4.0 <7.0.5 | cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:* |
| fortinet | fortirecorder | iOS | ≥7.2.0 <7.2.2 | cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:* |