Path Traversal Vulnerability in Fortinet FortiAnalyzer and FortiManager
CVE-2024-35274
2.3LOW
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 12 November 2024
What is CVE-2024-35274?
A vulnerability exists in Fortinet products, specifically FortiAnalyzer, FortiManager, and FortiAnalyzer-BigData, where improper limitations on directory paths allow a privileged attacker with administrative rights to create non-arbitrary files in a specified directory. This vulnerability can be exploited via specially crafted CLI requests, potentially compromising system integrity and access controls.