PT-2024-10309 · Fortinet · FortiRecorder

Published 2024-11-09 · Updated 2025-01-31 · CVE-2024-46664

CVSS v2.0 7.5 High

Vector AV:N/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions

FortiRecorder versions 7.2.0 through 7.2.1
FortiRecorder versions prior to 7.0.4

Description

The issue is a relative path traversal in the graphical user interface of the FortiRecorder device's firmware, caused by errors in processing the relative path to a directory. A remote attacker can exploit it to read arbitrary files by sending specially crafted HTTP requests. A privileged attacker can read files from the underlying filesystem via crafted HTTP or HTTPS requests.

Recommendations

For FortiRecorder versions 7.2.0 through 7.2.1, update to a version that fixes the relative path traversal issue. For FortiRecorder versions prior to 7.0.4, update to a version that fixes the relative path traversal issue. As a temporary workaround, consider restricting access to the HTTP and HTTPS endpoints that are vulnerable to the relative path traversal attack until a patch is available.

Fix

Path traversal

Relative Path Traversal

Weakness Enumeration

Related Identifiers

BDU:2025-00738
CVE-2024-46664

Affected Products

FortiRecorder