Path Traversal Vulnerabilities in Fortinet FortiMail, FortiVoice, and FortiRecorder Products
CVE-2024-40588

4.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortirecorder; Fortindr; Forticamera; Fortimail
Vendor: CVE Published:; 12 August 2025

What is CVE-2024-40588?

Multiple relative path traversal vulnerabilities in several Fortinet products can be exploited by a privileged attacker. These vulnerabilities allow unauthorized access to sensitive files on the underlying filesystem through specially crafted CLI requests, posing a serious security risk to affected systems. Users are encouraged to apply the necessary patches and updates to mitigate these risks.

Affected Version(s)

FortiCamera 2.1.0 <= 2.1.4

FortiCamera 2.0.0

FortiCamera 1.1.0 <= 1.1.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-309

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Jul 5, 2024