PT-2025-1318 · Fortinet · Fortimanager
Published 2025-01-14 · Updated 2025-03-19 · CVE-2024-32115
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiManager versions 7.4.0 through 7.4.2
Fortinet FortiManager versions prior to 7.2.5
Description
A relative path traversal issue allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests. The issue stems from errors in processing relative paths to directories, which a remote attacker can exploit to delete arbitrary files in the file system.
Recommendations
For Fortinet FortiManager versions 7.4.0 through 7.4.2, update to a version outside of the affected range to resolve the issue.
For Fortinet FortiManager versions prior to 7.2.5, update to version 7.2.5 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable HTTP or HTTPS endpoints until a patch is available.
Fix
Path traversal
Relative Path Traversal
Related Identifiers
Affected Products
FortiManager