PT-2024-10341 · Fortinet · FortiRecorder

Published

2024-09-27

Updated

2025-01-14

CVE-2024-47566

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiRecorder versions 7.2.0 through 7.2.1
Fortinet FortiRecorder versions prior to 7.0.4

Description

The issue is related to a path traversal vulnerability, which allows a privileged attacker to access and delete files from the underlying filesystem by sending crafted CLI requests. This is due to an improper limitation of a pathname to a restricted directory. The vulnerability can be exploited to read, modify, and delete arbitrary files.

Recommendations

For Fortinet FortiRecorder versions 7.2.0 through 7.2.1, consider disabling CLI requests until a patch is available. For Fortinet FortiRecorder versions prior to 7.0.4, update to version 7.0.4 or later to resolve the issue. As a temporary workaround, restrict access to the CLI interface to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-00825
CVE-2024-47566

Affected Products

FortiRecorder