CVE-2024-40588

Name of the Vulnerable Software and Affected Versions: Fortinet FortiMail versions 7.6.0 through 7.6.1 and prior to 7.4.3 Fortinet FortiVoice versions 7.0.0 through 7.0.5 and prior to 7.4.9 Fortinet FortiRecorder versions 7.2.0 through 7.2.1 and prior to 7.0.4 Fortinet FortiCamera versions 7.6.0 and prior to 7.4.6 Fortinet FortiNDR versions 7.6.0 and prior to 7.4.6

Description: Multiple relative path traversal vulnerabilities exist in several Fortinet products. A privileged attacker may be able to read files from the underlying filesystem by sending crafted CLI requests.

Recommendations: Fortinet FortiMail versions prior to 7.4.3 should be updated. Fortinet FortiMail versions 7.6.0 through 7.6.1 should be updated. Fortinet FortiVoice versions prior to 7.4.9 should be updated. Fortinet FortiVoice versions 7.0.0 through 7.0.5 should be updated. Fortinet FortiRecorder versions prior to 7.0.4 should be updated. Fortinet FortiRecorder versions 7.2.0 through 7.2.1 should be updated. Fortinet FortiCamera versions prior to 7.4.6 should be updated. Fortinet FortiCamera version 7.6.0 should be updated. Fortinet FortiNDR versions prior to 7.4.6 should be updated. Fortinet FortiNDR version 7.6.0 should be updated.