FortiClientEMS Vulnerability Allows Path Traversal and Denial of Service

CVE-2024-21753

5.5MEDIUM

Key Information

Vendor: Fortinet
Status: Forticlientems
Vendor: CVE Published:; 10 September 2024

Summary

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests

Affected Version(s)

FortiClientEMS <= 7.2.2

FortiClientEMS <= 7.0.13

FortiClientEMS <= 6.4.9

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 10, 2024
Vulnerability Reserved.
Jan 2, 2024

Collectors

NVD DatabaseMitre Database